Oddbean new post about | logout
NotBiebs | 3 months ago (raw) | root | parent | reply | flag +1 
 Even nip-07 extensions like Alby do this #yolo
jb55 | 3 months ago (raw) | root | parent | reply | flag 
 yeah I'm not sure if you can make an isolated and secure browser extension outside of safari ?
VictorieeMan | 3 months ago (raw) | root | parent | reply | flag 
 Good question. Maybe through some wasm?
semisol | 3 months ago (raw) | root | parent | reply | flag +1 
 Yes. I think most people misunderstand how this works.

A bit of JS code is injected that takes the nostr.* calls communicates with the extension that is in an isolated context (AFAIK with postMessage). The extension then checks permissions or does popups.

:/ please do some research
jb55 | 3 months ago (raw) | root | parent | reply | flag 
 yeah its slightly more isolated, but its still floating around in the process space and js env. I would just feel more comfortable with runtime.sendNativeMessage to an app with no network access and shared keychain access with Damus
semisol | 3 months ago (raw) | root | parent | reply | flag 
 makes sense, but you probably have bigger problems if there’s a safari ACE vulnerability
Derek Ross | 3 months ago (raw) | root | parent | reply | flag +2 
 orly. well that's a bad time.
NotBiebs | 3 months ago (raw) | root | parent | reply | flag +2 
 https://v.nostr.build/q6OTxuIIEDDj5SGn.mp4
jb55 | 3 months ago (raw) | root | parent | reply | flag 
 damn this hard af
NotBiebs | 3 months ago (raw) | root | parent | reply | flag 
 For reals. I can’t stop playing it. 🤣