[pcthrowaway]

You have to trust the server to not serve a page which will exfiltrate the encrypted data with Javascript (and why wouldn't you if it's self-hosted).

Though I'm not sure exfiltration is actually prevented since extension scripts can still run in the page context.

[lxgr]

If you have compromised browser extensions with script injection access, it's game over from a security perspective of any sites you visit.

As a sidenote, that's actually one significant benefit of the "Manifest V3" Web Extension model – it's possible to grant these permissions on a per-site basis. (For example, you can allow uBlock Lite script injection access only on some sites, and limit it to declarative network request blocking otherwise.)

[lesuorac]

I think you missed the point they were making.

When you go to say Google Docs, you're retrieving JS from _not_ your stuff. That JS (theoretically) can be altered to send back unencrypted data back to Google Docs.

The point they were making is that in this scenario you've self-hosted the JS and so it's not going to be altered to send back unencrypted data because you yourself aren't going to do that alteration.

---

Sure in both scenarios if you have an extension that uploads the content of the page it doesn't matter but there are more threat scenarios that apply to JS served from not your server than from your server.

[lxgr]

They mentioned extensions though, and I made a comment on that specific attack vector.

[pcthrowaway]

Above commenter got it exactly right. Yes, if you've installed extensions with malicious code, your data anywhere can be exfiltrated.

That is one of the privacy dangers of cryptpad, and it's not particularly far-fetched. Specifically with shared documents, one needs to trust that every extension every user who visits your document has installed is non-malicious in order to have an assurance that only approved people will see those docs.

Of course this is a browser-based consideration that would affect shared docs on any browser-based platform, but as a privacy-focused app I think it's fair to consider modes of failure inherent in it being a browser-based app. Signal and other Desktop applications, by contrast, wouldn't have these same risks (and Cryptpad could similarly bundle its client as an electron-based app to provide better security).