Merge 9e6524c98b into 7dec812f99

07.md

@@ -21,8 +21,11 @@ async window.nostr.nip04.encrypt(pubkey, plaintext): string // returns ciphertex
 async window.nostr.nip04.decrypt(pubkey, ciphertext): string // takes ciphertext and iv as specified in nip-04 (deprecated)
 async window.nostr.nip44.encrypt(pubkey, plaintext): string // returns ciphertext as specified in nip-44
 async window.nostr.nip44.decrypt(pubkey, ciphertext): string // takes ciphertext as specified in nip-44
+async window.nostr.signString(message: string): { hash: string, sig: string, pubkey: string } // return SHA256 `hash` of `message`, Schnorr `sig` of `hash`, `pubkey` of signer
 ```
 
+To ensure signEvent() permission checks are not bypassed, the optional signString() function MUST NOT sign any message that is a valid stringified event.
+
 ### Recommendation to Extension Authors
 To make sure that the `window.nostr` is available to nostr clients on page load, the authors who create Chromium and Firefox extensions should load their scripts by specifying `"run_at": "document_end"` in the extension's manifest.
 

21.md

@@ -21,7 +21,7 @@ The identifiers that come after are expected to be the same as those defined in
 
 ### Linking HTML pages to Nostr entities
 
-`<link>` tags with `rel="alternate"` can be used to associate webpages to Nostr events, in cases where the same content is served via the two mediums (for example, a web server that exposes Markdown articles both as HTML pages and as `kind:30023' events served under itself as a relay or through some other relay). For example:
+`<link>` tags with `rel="alternate"` can be used to associate webpages to Nostr events, in cases where the same content is served via the two mediums (for example, a web server that exposes Markdown articles both as HTML pages and as `kind:30023` events served under itself as a relay or through some other relay). For example:
 
 ```
 <head>

22.md

@@ -143,13 +143,13 @@ A comment on a website's url looks like this:
   "tags": [
     // referencing the root url
     ["I", "https://abc.com/articles/1"],
-    // the root "kind": for an url, the kind is its domain
+    // the root "kind": for an url
-    ["K", "https://abc.com"],
+    ["K", "web"],
 
     // the parent reference (same as root for top-level comments)
     ["i", "https://abc.com/articles/1"],
-    // the parent "kind": for an url, the kind is its domain
+    // the parent "kind": for an url
-    ["k", "https://abc.com"]
+    ["k", "web"]
   ]
   // other fields
 }

24.md

@@ -8,8 +8,7 @@ Extra metadata fields and tags
 
 This NIP keeps track of extra optional fields that can added to events which are not defined anywhere else but have become _de facto_ standards and other minor implementation possibilities that do not deserve their own NIP and do not have a place in other NIPs.
 
-kind 0
+### kind 0
-======
 
 These are extra fields not specified in NIP-01 that may be present in the stringified JSON of metadata events:
 
@@ -19,24 +18,22 @@ These are extra fields not specified in NIP-01 that may be present in the string
   - `bot`: a boolean to clarify that the content is entirely or partially the result of automation, such as with chatbots or newsfeeds.
   - `birthday`: an object representing the author's birth date. The format is { "year": number, "month": number, "day": number }. Each field MAY be omitted.
 
-### Deprecated fields
+#### Deprecated fields
 
 These are fields that should be ignored or removed when found in the wild:
 
   - `displayName`: use `display_name` instead.
   - `username`: use `name` instead.
 
-kind 3
+### kind 3
-======
 
 These are extra fields not specified in NIP-02 that may be present in the stringified JSON of follow events:
 
-### Deprecated fields
+#### Deprecated fields
 
   - `{<relay-url>: {"read": <true|false>, "write": <true|false>}, ...}`: an object of relays used by a user to read/write. [NIP-65](65.md) should be used instead.
 
-tags
+### tags
-====
 
 These tags may be present in multiple event kinds. Whenever a different meaning is not specified by some more specific NIP, they have the following meanings:
 

46.md

@@ -105,6 +105,7 @@ Each of the following are methods that the _client_ sends to the _remote-signer_
 | `nip04_decrypt`          | `[<third_party_pubkey>, <nip04_ciphertext_to_decrypt>]`                       | `<plaintext>`                                                          |
 | `nip44_encrypt`          | `[<third_party_pubkey>, <plaintext_to_encrypt>]`                              | `<nip44_ciphertext>`                                                   |
 | `nip44_decrypt`          | `[<third_party_pubkey>, <nip44_ciphertext_to_decrypt>]`                       | `<plaintext>`                                                          |
+| `sign_string`           | `[<message_string_to_sign>]`                                                  | `json_stringified({ hash: <sha256_of_message>, sig: <schnorr_of_hash>, pubkey: <pubkey> })`               |
 
 ### Requested permissions