rdbell
NIP-07 support for extension login
Nvote was originally designed with the goal of including no JavaScript in the codebase. The primary idea behind this was to allow users to enjoy all of nvote's features even with extreme privacy settings/extensions enabled.
I also wanted nvote to serve as a counterexample against overuse of JavaScript in modern web apps. I think a lot of web apps depend on JS as an unnecessary UX crutch and contribute to progressively heavier bloat in most of the web apps we use today. There's something special about finding a site in 2022 that can load blazingly fast from low-powered hardware on a satellite connection in the middle of the ocean or an airplane's wifi.
With that context out of the way, I understand that event signing and pubkey derivation is usually more appropriately handled on the client side. The safest way to access nvote is by running an nvote instance locally, but if a user insists on accessing nvote through a public relay they're better off using something like a window.nostr browser extension in most cases.
If someone wants to work on this I'm willing to contribute and merge a PR. I'd probably still encourage being careful about considering additional JavaScript functionality in the future though.
I think this might be a good exception to the rule, as it would be more secure than having people post in their PKs.
