Nostr Web Client

I am wondering if a client did something it shouldn't have done. I'll give them benefit of the doubt for now and think maybe it was an accident that they had this happen, testing something and hopefully forgot to remove it from a dev environment before going to prod.

moonsettler 2y ago

could be cross site scripting attack as well, no? maybe the plugin needs a policy about signing profile updates requiring confirmation always?

Reply to this note

Please Login to reply.

Discussion

Derek Ross 2y ago

This is actually a good idea. I don't want to have to authorize every single like or post. I'd be okay having kind 0 events be double confirmation.