weizman
I created an awesome list that talks gathers info regarding javascript anti debugging, and I think it should belong in this repo :)
This is a working PoC of [snow](https://github.com/lavamoat/snow) integration. it installs Snow dependency, loads it as vetted shim within every relevant html file of the extension (popup, home, background, notification) and...
not necessarily an issue, maybe more of a question: why aren't there any JS examples? mapping those might be important too, in order to have an inclusive documentation of all...
https://github.com/LavaMoat/LavaDome/pull/26 Bottom line: React exposes everything that's passed into it, which compromises LD's secret. To address that, we must force the developer to wrap the text with a token only...
Wanna see if I can force MM to not allow load of internal iframes after it was introduced at https://github.com/MetaMask/metamask-extension/pull/21765/files#diff-edee27b141baee43e8d6e83fc0d7b37579fe713e6da681d6d5d0a59ea0f88165L3
> _Inspired by a thought introduced to me by @NicholasEllul_ ## `useStateEncrypted` ### Motivation Not that this is an actual current threat, but rather a potential one: Sensitive information (along...
## Introduction The proposal for **R**ealms **I**nitialization **C**ontrol (referred to as **RIC**) allows developers to securely tap into the creation moment of [same origin realms](https://github.com/weizman/Realms-Initialization-Control#Same-Origin-Realm) within their web application in...
UPDATE: see https://github.com/LavaMoat/snow/issues/110#issuecomment-1662702303 As of today, it is a conscious decision to disable some native behaviour in the browser when it is (1) posing a security concern to Snow and...
### WebKittens _No response_ ### Title of the proposal Realms Initialization Control ### URL to the spec https://github.com/WICG/Realms-Initialization-Control ### URL to the spec's repository https://github.com/WICG/Realms-Initialization-Control ### Issue Tracker URL _No...