e22dbbe85c
Previously the resolver accepted any string value from a domain's .well-known/nostr.json `names` map and persisted it to IndexedDB. A malicious or misconfigured NIP-05 server could return arbitrary data (non-hex, wrong length, HTML, etc.) that would then be cached and passed to downstream consumers as a pubkey. Exploitation impact is limited because invalid hex simply fails to match anywhere in the Nostr filter API, but hygiene and cache integrity warrant rejecting malformed values outright. Enforce the standard 64-char lowercase hex shape and evict any cached entry that fails validation.