I'm trying to solve the following problem:
The user has a public-private keypair. The public key is known, while the private key is kept secret by the user.
The webserver has data that was encrypted using the user's public key.
I want the user to be able to decrypt the webserver data using their private key (using a browser extension like MetaMask that has their private key stored), and then display that data to the user in a web page, while also PREVENTING the web page from being able to store that data.
Any suggestions on how this might be done?
Update; you can indeed do this with an iframe. Iframes are surprisingly secure actually. The browser effectively partitions the iframe from its parent, and vice-versa, even though to the user they look like they're the same page to the user. You can inject private information into a protected iframe on a webpage without giving that webpage access to the data. This is the method Stripe uses to embed credit-card entry fields directly into websites.