[chrisfarms]

As soon as my file is readable by javascript it could be sent anywhere by your code. I'm not saying you do, but it could. Therefore this adds an unnecessary risk. I would have to disconnect my machine from the network and clear all the browser storage before reconnecting to even begin to think this was safe.

Just to be clear: I'm not saying it's useless, just that if the file I was encrypting was so important that I needed to encrypt it, doing it in a sandbox that is directly connected to an untrusted third-party wouldn't be a very bright move.

[sobel]

It's all in one html file, so it will work disconnected from the internet. Download or save the page, turn off your internet, open it in a browser, and encrypt with peace of mind (although the javascript could still use off-line storage and then next time you're online on the page access it, I guess).