nielliesmons on Nostr: So if my chat app is a signer, what's so dangerous about interacting with an ...
So if my chat app is a signer, what's so dangerous about interacting with an HTML-based widget inside my app?
Especially if that widget is Nostr-comms-only (no legacy API's etc...)
The alternative is that users are directed out of my app to a handler that is likely web-based anyway (with a way larger attack surface) and for which the first thing they'll need is...
A signer 🤦♂️
Published at
2024-10-18 15:33:10Event JSON
{
"id": "fb29c68753f36a09a1798d6c59c81d97554c24ca28c94aeb979decd2834ab88a",
"pubkey": "a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be",
"created_at": 1729265590,
"kind": 1,
"tags": [
[
"a",
"34550:a9434ee165ed01b286becfc2771ef1705d3537d051b387288898cc00d5c885be:groupchats"
]
],
"content": "So if my chat app is a signer, what's so dangerous about interacting with an HTML-based widget inside my app?\nEspecially if that widget is Nostr-comms-only (no legacy API's etc...)\n\nThe alternative is that users are directed out of my app to a handler that is likely web-based anyway (with a way larger attack surface) and for which the first thing they'll need is...\n\nA signer 🤦♂️ ",
"sig": "da7120dbf997f98378f5f08b428605fc71f53e64963fb34a3e2b1099762c1ef4ffbf8aa3d21ec461f69d29589a56f95023b655feb926bb087d11c6d2e3eb323b"
}
