weizman
Hi @BrettCleary, here are my thoughts: The way I see it, MetaMask isn't built for running in an Electron app, whose privileges distribution environment is just different than...
Mind suggesting a PR please?
Hi @matanber, As you've probably seen, there are quite a few reported issues against the Snow project, which we haven't addressed yet on purpose. These issues have taught us that...
And as for this bypass specifically - awesome work. Truly.
`MutationObserver` isn't a synchronous API, so by the time it tells you a new iframe is introduced to the page, it's too late because the attacker probably gained access to...
It's all a matter of what you're trying to defend 😉
> At this point he should just disable iframe srcdoc. nobody actually uses it

@deryilz The motivation behind Snow originally was to not limit anything the web offers, unless they...
Hi @matanber, please see https://github.com/LavaMoat/snow/issues/158#issuecomment-2094736819
And as for this specific bypass - good one. I remember realizing this can be done at some point after merging the original solution, so I can't say I'm surprised....