ditch base32768 thing, stick to all-js-on-same-host to comply with CSP

example/index.html

@@ -2,7 +2,6 @@
 <html lang="en">
 <head>
   <meta charset="utf-8">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <title>📋 Todo List</title>
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <style>
@@ -34,7 +33,7 @@
           <input type="hidden" name="nonce" />
           <input type="submit" disabled="true" value="Add" />
           <div class="captcha-container" 
-              data-sqr-captcha-url="{{ .CaptchaURL }}" 
+              data-sqr-captcha-url="http://localhost:8080/" 
               data-sqr-captcha-challenge="{{ .Challenge }}" 
               data-sqr-captcha-callback="myCaptchaCallback">
          </div>
@@ -48,6 +47,31 @@
       document.querySelector("form input[type='submit']").disabled = false;
     };
   </script>
-  <script src="{{ .CaptchaURL }}/static/captcha.js"></script>
+  <script src="/static/captcha.js"></script>
+  <!-- <script src='./static/scrypt_wasm.js'></script>
+  <script>
+    const { scrypt } = wasm_bindgen;
+
+    async function run() {
+      console.log("a");
+      await wasm_bindgen();
+
+      console.log(scrypt(hexEncode('password in hex'), hexEncode('password in hex'), 4096, 8, 1, 16))
+    }
+
+    run();
+
+    function hexEncode(s){
+      var hex, i;
+
+      var result = "";
+      for (i=0; i<s.length; i++) {
+          hex = s.charCodeAt(i).toString(16);
+          result += ("000"+hex).slice(-4);
+      }
+      return result
+    }
+
+  </script> -->
 </body>
 </html>