|
|
|
|
|
|
by febusravenga
406 days ago
|
|
|
Yes, it is. Just create _strict_ content security profile, which doesn't allow any external requests (fetch) and only allow load of resources (css, image, whatever) from predefined manifest. App cannot exfiltrate any data in that case. You may add permissions mechanisms of course (local disk, some cloud user controls, etc). That's a big challenge in standards and not sure if anyone is working on such strongly restricted profile for web/js. |
|
|