This project is a prototype (more like a feasibility study), i.e., there won't be extensive testing, as this won't become a product. The idea here is to test whether an approach is feasible and to test compatibility in a few browsers.
However, this is, I believe, an impossible task. So I sign up with two ISPs (different domains; different admins). Now I have two websites hosted by two ISPs (assume that I have already configured the domain names at my DNS provider): [url removed, login to view] and [url removed, login to view]
I still don't trust the admins of these ISPs and am afraid that they may fiddle with my JS application (password manager) and steal my passwords. However, I believe they won't cooperate. So I assume at least one of them will not change my JS.
So both websites will host the same (or similar) script and can set the [url removed, login to view] to apps.example.com. I would like the JS downloaded from each website to cross-check that the JS downloaded from the other website has not been fiddled with.
The issue is that browsers have only one URL line. Thus, when I want to run my web app, one script needs to be the master/main. This creates the security problem we need to solve in this project. The security issue is that when I visit [url removed, login to view], the admin can change the JS code not to download any script from [url removed, login to view] but still claim that it did and that everything is OK.
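The cross-check and the master-script problem described above can be modelled in a few lines. This is an added example, not code from the project: the host objects, the `tampered` flag, the sample script strings and the use of SHA-256 digests (run under Node.js) are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

// SHA-256 of a script's text, hex encoded.
function digest(source) {
  return crypto.createHash('sha256').update(source, 'utf8').digest('hex');
}

// The check an unmodified script performs: fetch the peer's copy, compare digests.
function honestCheck(ownSource, fetchPeer) {
  const peerSource = fetchPeer();
  return { ok: digest(ownSource) === digest(peerSource), fetchedPeer: true };
}

// Hypothetical model of one host. The verdict is computed by whatever code
// that host served, which is exactly the trust problem.
function makeHost(source, tampered) {
  return {
    source,
    fetch() { return source; },
    runAsMaster(peer) {
      if (tampered) {
        // Modified master: never contacts the peer, still reports success.
        return { ok: true, fetchedPeer: false };
      }
      return honestCheck(source, () => peer.fetch());
    },
  };
}

// Constructed sample scripts (placeholders, not a real password manager).
const ORIGINAL = 'function openVault(pw) { return decrypt(vault, pw); }';
const MODIFIED = ORIGINAL + ' /* changed by a host admin */';

const honestA = makeHost(ORIGINAL, false);
const honestB = makeHost(ORIGINAL, false);
const tamperedA = makeHost(MODIFIED, true);
const tamperedB = makeHost(MODIFIED, true);

function scenarios() {
  return {
    bothHonest: honestA.runAsMaster(honestB),       // ok: true
    peerTampered: honestA.runAsMaster(tamperedB),   // ok: false, change detected
    masterTampered: tamperedA.runAsMaster(honestB), // ok: true, nothing fetched
    // Seen from outside the master, the two copies do differ.
    digestsActuallyMatch: digest(tamperedA.source) === digest(honestB.source),
  };
}

console.log(scenarios());
```

An honest master catches a modified peer, but a modified master returns the same "OK" verdict as the fully honest case, so the verdict alone cannot distinguish the two.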