nostr:npub1a76kz9rpksup2tye06uf67w2gffyvmp70q7je0fluxukul20xjpq473kkt I see that there have been a few #XSS vulnerabilities in the clients in the past. In that case, the client credentials could be stolen from the client.

Is there any mitigation in place for this? Like, would the credentials not be accepted if coming from a different IP, something like that?

Of course the protections against XSS are valuable. But we can't assume there won't be more vulnerabilities in the future.