Avatar
mfostr 3w ago

#AskNostr #Nostr 👀 WebWorkers and iFrame isolation with window.nostr.signEvent(), as if it were using any NIP-07 extension, represent a great move in the right direction. I recommend that Nostr developers pay attention to OPFS capabilities versus IndexedDB where possible. OPFS avoids metadata leakage and is now part of the Baseline in all browsers. 🔏

https://primal.net/e/nevent1qqs8tqf99ddes0jh4lngxaaxjm3r39kc3xvqeh2xjxg7pjmwd87q68qnrcn50

nostr:naddr1qqsxummnw3e8qctnwvkkgetrv4h8gunpd35h5ety945kgetww35hg7gpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgq3qk7cnst4fh4ajgg8w6ndcmqen4fnyc7ahhm3zpp255vdxqarrtekqxpqqqp65wuvt8qe

Reply to this note

Please Login to reply.

Discussion

Avatar
bigmarh 3w ago

What stops a rogue extension from accessing the OPFS using navigator.storage.getDirectory() by injecting a