Added constraining rule for signString

Rob Woodgate 2025-03-23 19:24:43 +00:00
parent fdb31772a0
commit 9e6524c98b
1 changed files with 2 additions and 0 deletions

07.md

@ -24,6 +24,8 @@ async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext
async window.nostr.signString(message: string): { hash: string, sig: string, pubkey: string } // return SHA256 `hash` of `message`, Schnorr `sig` of `hash`, `pubkey` of signer async window.nostr.signString(message: string): { hash: string, sig: string, pubkey: string } // return SHA256 `hash` of `message`, Schnorr `sig` of `hash`, `pubkey` of signer
``` ```
To ensure signEvent() permission checks are not bypassed, the optional signString() function MUST NOT sign any message that is a valid stringified event.
### Recommendation to Extension Authors ### Recommendation to Extension Authors
To make sure that the `window.nostr` is available to nostr clients on page load, the authors who create Chromium and Firefox extensions should load their scripts by specifying `"run_at": "document_end"` in the extension's manifest. To make sure that the `window.nostr` is available to nostr clients on page load, the authors who create Chromium and Firefox extensions should load their scripts by specifying `"run_at": "document_end"` in the extension's manifest.
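Review bot: The added sentence after the code block leaves "a valid stringified event" undefined, so two extensions can implement the MUST NOT differently and one of them may still sign input that the other refuses. Because signString() signs the SHA256 `hash` of `message`, the rule should say which form it means: only the exact serialized string whose hash signEvent() would sign, or any string that parses as an event object. It should also state what signString() does when it refuses, for example rejecting the promise with an error, so clients can handle the failure. As a style point, the new sentence writes signEvent() and signString() without the backticks the rest of the file uses for identifiers such as `window.nostr`.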