Improving The Trustworthiness Of Javascript On The Web
Cloudflare, Thursday, October 16th, 2025
The web is the most powerful application platform in existence. As long as you have the right API, you can safely run anything you want in a browser. Well ... anything but cryptography.
It is as true today as it was in 2011 that Javascript cryptography is Considered Harmful. The main problem is code distribution. Consider an end-to-end-encrypted messaging web application. The application generates cryptographic keys in the client's browser that lets users view and send end-to-end encrypted messages to each other. If the application is compromised, what would stop the malicious actor from simply modifying their Javascript to exfiltrate messages?