lightning-browser-extension icon indicating copy to clipboard operation
lightning-browser-extension copied to clipboard

Published 20 hours ago verified publisher icon getAlby

WIP: Alby Boost Button

Open reneaaron opened this issue 3 years ago • 1 comments

Describe the changes you have made in this PR

A first version of the boost button, enabled for Youtube.

  • BoostButton component written in react (styles are applied inline and won't affect injected pages)
  • Uses web components (but no shadow DOM)
  • Migrated 2 Youtube Batteries into one (we have to watch the DOM for changes)
  • New window.alby.lnurl() to retrieve invoices from LNURLs (migrated existing actions from keysendto webln/keysend to handle the different messages respectively)
  • Created new inject script which is limited to the top frame (otherwise the button e.g. would be displayed in every iframe)

Type of change (Remove other not matching type)

  • feat: New feature (non-breaking change which adds functionality)

Open tasks

  • [ ] Integrate inpage-components into build (or put into a separate repository & use npm?)

Checklist

  • [ ] My code follows the style guidelines of this project and performed a self-review of my own code
  • [ ] New and existing tests pass locally with my changes
  • [ ] I checked if I need to make corresponding changes to the documentation (and made those changes if needed)

reneaaron avatar Sep 25 '22 10:09 reneaaron

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

Package Script field Location
[email protected] (added) postinstall src/extension/inpage-components/package.json via [email protected], [email protected]
[email protected] (added) postinstall src/extension/inpage-components/package.json via [email protected], @pmmmwh/[email protected]
Socket.dev scan summary
Issue Status
Did you mean? ✅ no new possible package typos
Install scripts ⚠️ 2 new install scripts detected
Telemetry ✅ no new telemetry
Troll package ✅ no new troll packages
Malware ✅ no new malware
Native code ✅ no new native modules
Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] [email protected]

⚠️ Please accept the latest app permissions to ensure bot commands work properly. Accept the new permissions here.

Powered by socket.dev

socket-security[bot] avatar Sep 25 '22 10:09 socket-security[bot]

Summary of the conversation with @reneaaron

  1. web components with shadow dom (didn't work because i.e. YT is messing up the shadow dom usage)
  2. external component without shadow dom (didn't work because of CSS build and possible CSS interference from the host-site)
  3. button within extension with simple UI (hard to maintain and possible CSS interference from the host-site)
  4. iframe (possible issue with payment-origin)

escapedcat avatar Dec 05 '22 16:12 escapedcat