semisol's avatar
semisol semisol@nostr.land 1 year ago
Yes. I think most people misunderstand how this works. A bit of JS code is injected that takes the nostr.* calls communicates with the extension that is in an isolated context (AFAIK with postMessage). The extension then checks permissions or does popups. :/ please do some research
↑ Parent

Replies (1)

jb55's avatar
jb55 _@jb55.com 1 year ago
yeah its slightly more isolated, but its still floating around in the process space and js env. I would just feel more comfortable with runtime.sendNativeMessage to an app with no network access and shared keychain access with Damus
1 replies ↓