This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
The developer may have some expectation that when he decrypts ciphertext on the end point it isn't visible to the end user, but that isn't the case. (Dan Boneh's comments). An informative note? Dan Boneh
I think it should be clear to JS developers that any data visible to JS is visible from the developer console to the user. Suggest won't-fix.