diff --git a/src/gui/views/goblin/mod.rs b/src/gui/views/goblin/mod.rs index 073ebb94..861cc3a3 100644 --- a/src/gui/views/goblin/mod.rs +++ b/src/gui/views/goblin/mod.rs @@ -664,6 +664,8 @@ impl GoblinWalletView { if self.settings_page == SettingsPage::Identities { self.identity_switch = IdentitySwitchState::default(); } + // TODO(audit L4): reset AdvancedState on back navigation too, so a + // revealed nsec/password does not survive leaving the Advanced page. self.settings_page = SettingsPage::Main; return false; } diff --git a/src/nostr/authuri.rs b/src/nostr/authuri.rs index f46f468b..37f34646 100644 --- a/src/nostr/authuri.rs +++ b/src/nostr/authuri.rs @@ -300,6 +300,8 @@ pub(crate) fn domain_bound(callback: &str, domain: &str) -> bool { /// arrays of strings. A `delegation` tag is rejected outright (defense in depth, /// even though delegation tokens are unreachable here). Any deviation rejects. fn validate_template(raw: &str) -> Option