Ratelimit the speed at which sites can create getInfo()/sendInvoice()/makeInvoice() requests if they require opening a window (for example, getInfo(), if pre-approved, should not be ratelimited). In testing, a buggy/malicious site can easily open tens or hundreds of windows.
Existing Example(s) of Feature
Here is an example piece of code to trigger the malicious action:
```html
<html>
<head>
  <script src="https://unpkg.com/[email protected]/dist/webln.min.js" integrity="sha384-mTReBqbhPO7ljQeIoFaD1NYS2KiYMwFJhUNpdwLj+VIuhhjvHQlZ1XpwzAvd93nQ" crossorigin="anonymous"></script>
  <script>
    // Each call asks the WebLN provider for an invoice, which requires a prompt window.
    async function alertInvoice() {
      var webln = await WebLN.requestProvider();
      var weblnbolt11 = await webln.makeInvoice({defaultAmount: "5", minimumAmount: "1", maximumAmount: "10"});
    }
  </script>
</head>
<body>
  <!-- A single click issues 15 makeInvoice() requests back to back. -->
  <input type="button" onclick="for(var i = 0; i < 15; i++) {alertInvoice();}" value="Click me!" />
</body>
</html>
```
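One way a provider could gate these requests, as an added example that is not part of the original issue or the project's code: a per-origin limiter that allows one open prompt at a time and caps prompts per time window, while letting calls that need no window (such as a pre-approved getInfo()) pass. The class name `PromptRateLimiter`, the `needsWindow` flag, the default limits and the sample origin are all assumptions.

```javascript
// Hypothetical limiter for WebLN calls that open a prompt window.
const PROMPT_METHODS = new Set(["getInfo", "sendInvoice", "makeInvoice"]);

class PromptRateLimiter {
  // maxPrompts per windowMs are assumed defaults; `now` is injectable for testing.
  constructor({ maxPrompts = 3, windowMs = 10000, now = Date.now } = {}) {
    this.maxPrompts = maxPrompts;
    this.windowMs = windowMs;
    this.now = now;
    this.state = new Map(); // origin -> { open: boolean, times: number[] }
  }

  // needsWindow is false when the call can be answered without prompting
  // (for example a pre-approved getInfo), so it is never rate limited.
  request(origin, method, needsWindow) {
    if (!PROMPT_METHODS.has(method) || !needsWindow) {
      return { allowed: true, reason: "no-prompt" };
    }
    const s = this.state.get(origin) || { open: false, times: [] };
    this.state.set(origin, s);
    const t = this.now();
    // Forget prompts that fell out of the sliding window.
    s.times = s.times.filter((opened) => t - opened < this.windowMs);
    if (s.open) return { allowed: false, reason: "prompt-already-open" };
    if (s.times.length >= this.maxPrompts) {
      return { allowed: false, reason: "rate-limited" };
    }
    s.open = true;
    s.times.push(t);
    return { allowed: true, reason: "prompt-opened" };
  }

  // Call when the user approves, rejects or closes the prompt window.
  promptClosed(origin) {
    const s = this.state.get(origin);
    if (s) s.open = false;
  }
}

// Constructed scenario: a page fires n makeInvoice() calls in one click.
// Returns how many prompt windows would actually open.
function simulateBurst(limiter, origin, n) {
  let opened = 0;
  for (let i = 0; i < n; i++) {
    if (limiter.request(origin, "makeInvoice", true).allowed) opened++;
  }
  return opened;
}
```

Rejected requests should resolve to an error returned to the page rather than being queued, otherwise the burst only reappears one window at a time.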