I wonder if the native app could add window.nostr to the webview and keep the private key fully protected from XSS and any security breach of the PWA origin.
Discussion
Meaning custom native code for key management in the native app.
Even if you can't inject window.nostr you should be able to listen for window.postMessage() calls or something similar, no? Then you just need to handle that proprietarily on a Swift "backend" for Iris.
Not the same thing but related: I was logged with Wiki browser + extension, the app got the same webview + extension and I'm logged on it too.
About you request: I suppose you can simply create the callbacks methods on window and feed them from the app.
If you are loading the site into WKWebview you can inject anything you want into the site. You can definitely make a bridge to talk back and forth. Swift <> JavaScript.
Be cautious, apple is very weird about doing this.
how hard would it be to make something like a pure Nostr browser that just loads HTML/JS Nostr apps from URLs and injects window.nostr?