While this may work for unsophisticated attacks, wouldn't it still be possible for a more sophisticated adversary to do something more like store the document in browser local storage, and then later with internet access to post the contents?
I haven't spent a huge amount of time in the browser security space, but I do think there is quite alot of surface area if you give the browser session sensitive data.
If you are using an incognito tab, anything in local storage, cookies, even caches should go away. I am not 100% up on the details but I believe modern browsers are pretty strict about isolating incognito state.
You're right though in general, that's why the incognito tab is important.
I mean, I considered this implied within the suggestion of using incognito mode.
In any event, it's an unrealistic attack vector. No bad actor is going to target 0.1% of edge cases when you could get enough damaging information from people who do not go through this process and remain connected to the internet.
Did you try this? Does not work with FF 99 in a private tab on macOS 12, at least for me. It stays stuck at "Rendering finished, waiting for processing".
It's possible for an extension to intercept and block requests, but as Kevin mentions in your sibling comment, it's not enough because they could write data to local storage and then read it later when you're back online if you ever visited that domain again. An extension would have to cover a lot of bases to ensure that data couldn't leak, and I wouldn't trust one to cover them all.
1. load the site in an incognito tab
2. disable internet
3. run the conversion and download the result
4. close the incognito tab
5. re-connect the internet