From 9e6524c98bd38e6477b7046336f85391cb3c3364 Mon Sep 17 00:00:00 2001
From: Rob Woodgate
Date: Sun, 23 Mar 2025 19:24:43 +0000
Subject: [PATCH] Added constraining rule for signString

---
 07.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/07.md b/07.md
index 6d2a64cf..8e7ad370 100644
--- a/07.md
+++ b/07.md
@@ -24,6 +24,8 @@ async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext
 async window.nostr.signString(message: string): { hash: string, sig: string, pubkey: string } // return SHA256 `hash` of `message`, Schnorr `sig` of `hash`, `pubkey` of signer
 ```
 
+To ensure signEvent() permission checks are not bypassed, the optional signString() function MUST NOT sign any message that is a valid stringified event.
+
 ### Recommendation to Extension Authors
 
 To make sure that the `window.nostr` is available to nostr clients on page load, the authors who create Chromium and Firefox extensions should load their scripts by specifying `"run_at": "document_end"` in the extension's manifest.
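Review bot: The added sentence in the 07.md hunk forbids signing "a valid stringified event", but the case signEvent()'s permission check actually protects against is a message equal to the NIP-01 event serialization — the JSON array of the form [0, pubkey, created_at, kind, tags, content], whose SHA256 is the event id — since signString() returns a Schnorr signature over the SHA256 of the message; a stringified event object carrying id and sig fields does not hash to an event id, so the rule as worded may not cover the real bypass while still reading as if it did. Suggest naming the serialized form explicitly and requiring a structural check rather than a string comparison, e.g. `To ensure signEvent() permission checks are not bypassed, the optional signString() function MUST NOT sign any message that parses as a NIP-01 event serialization (a JSON array whose first element is 0) or as a stringified event.` It would also help to state what signString() returns or throws when it refuses a message, since the hunk does not say and clients cannot otherwise tell a policy refusal from a failure.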