highsciguy

Reputation: 2647

How to ensure that JavaScript page does not communicate

I created a small JavaScript application for which I reused some (quite large) JavaScript resources that I downloaded from the internet. My application runs in the browser like other interactive web applications but works entirely offline.

However, I intend to enter some private information in the application which it shall visualize. Since I cannot ultimately trust the JavaScript pieces that I downloaded, I wonder if there is a JavaScript option to make sure that no data is downloaded and, in particular, uploaded to the web.

Note that I am aware that I can cut off the local internet connection or perhaps change browser settings or use an application firewall, but this would not be a solution that suits my needs. You may assume that the isolation of a browser instance is safe, that is, no other, possibly malicious, websites can access my offline JavaScript application or the user data I enter. If there is a secure way to (automatically) review the code of the downloaded resources (e.g. because communication is possible only via a few dedicated JavaScript commands that I can search for), that would be an acceptable solution too.

Upvotes: 1

Views: 76

Answers (2)

Charlie

Reputation: 23798

Find it yourself by watching your browser's network activity while your application is in action.

There are more than enough tools to do this. Also, if you know how to use the netstat command-line tool, it ships with Windows.

Here is one cool Chrome extension which watches the traffic of the current tab.

https://chrome.google.com/webstore/detail/http-trace/idladlllljmbcnfninpljlkaoklggknp


And, here is another extension which can modify the selected traffic.

https://chrome.google.com/webstore/detail/tamper-chrome-extension/hifhgpdkfodlpnlmlnmhchnkepplebkb?hl=en

You can set the filters and modify all requests/responses happening in your page.


If you want to write an extension to block requests yourself, check this answer out.

Upvotes: 1

ssc-hrep3

Reputation: 16079

You should take a look at the Content Security Policy (CSP) (see here and here). This basically blocks every connection from your browser to any other hosts, unless explicitly allowed. Be aware that not all browsers support CSP, which leads to potential security problems.

Reviewing the library code might be difficult because there are many ways to mask such code pieces.

Upvotes: 1
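
As an added example (not part of either answer), the following checker audits a CSP string for channels that can still reach a remote host, which is the property the question asks for. The names `CHAINS`, `LOCAL`, `parseCsp` and `egressGaps`, and both sample policies, are constructed for illustration; treating `'self'` as local is an assumption that fits a page opened from disk or localhost.

```javascript
// Added example: list the channels a CSP string still leaves open to remote hosts.
// Fallback chains follow CSP Level 3; form-action never falls back to default-src.
const CHAINS = {
  'connect-src': ['connect-src', 'default-src'], // fetch, XHR, WebSocket, sendBeacon
  'img-src':     ['img-src', 'default-src'],
  'media-src':   ['media-src', 'default-src'],
  'font-src':    ['font-src', 'default-src'],
  'script-src':  ['script-src', 'default-src'],
  'style-src':   ['style-src', 'default-src'],
  'object-src':  ['object-src', 'default-src'],
  'frame-src':   ['frame-src', 'child-src', 'default-src'],
  'worker-src':  ['worker-src', 'child-src', 'script-src', 'default-src'],
  'form-action': ['form-action'],
};

// Sources that cannot name another host ('self' counted as local: an assumption).
const LOCAL = /^('none'|'self'|'unsafe-inline'|'unsafe-eval'|'nonce-[^']+'|'sha(256|384|512)-[^']+'|data:|blob:)$/i;

function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Per spec, a repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function egressGaps(policy) {
  const directives = parseCsp(policy);
  const gaps = [];
  for (const [channel, chain] of Object.entries(CHAINS)) {
    const governing = chain.find((d) => directives.has(d));
    if (!governing) { gaps.push(`${channel}: unrestricted`); continue; }
    const remote = directives.get(governing).filter((s) => !LOCAL.test(s));
    if (remote.length) gaps.push(`${channel}: allows ${remote.join(' ')}`);
  }
  return gaps;
}

// Constructed sample policies, e.g. for <meta http-equiv="Content-Security-Policy" content="...">
const STRICT = "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; img-src data:; form-action 'none'";
const LEAKY = "default-src 'none'; script-src 'self'; img-src *";
console.log(egressGaps(STRICT), egressGaps(LEAKY));
```

CSP does not govern top-level navigation, so an empty result means the listed load channels are closed, not that the page has no way left to contact a server.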
