The fundamental idea is to transmit encrypted content to a hidden HTTP iframe. Which then sends it to a HTTPS iframe using window.postMessage() (in HTML5) or via cookies. Since the HTTPS iframe is secure it cannot be tampered with, it also contains the decryption keys. The HTTPS iframe then proceeds to decrypt the message and renders it on the page.
Please read (before you dismiss it is impossible!): http://www.research.rutgers.edu/~ashwink/ajaxcrypt/
I am looking for help from Javascript and HTML experts to convert it into a library (LGPL).
No comments yet.
