Nethereum / Nethereum.Templates.Metamask.Blazor

Metamask + Nethereum + Blazor interop
Apache License 2.0
87 stars 31 forks source link

JS Interop is leaking critical data #10

Closed robertmclaws closed 2 years ago

robertmclaws commented 2 years ago

In reviewing the JS code inside Nethereum.Metamask.Blazor, it appears to be console.logging everything that is moving through the pipeline. That's great for development as you're experimenting, but terrible for production-level code. This should be removed, or there should be a flag to turn logging on that is off by default.

juanfranblanco commented 2 years ago

Yes and no, yes this logging and to allow users (devs) to see what is happening (as a template), which is important to get an understanding, metamask examples do the same. There is not an issue of leaking the data as this is just simple pipeline, you can inject any code to see the interaction with metamask, the node etc. Now for an end user, with some knowledge it is actually good to see what is being sent.

Although, reflecting on this, users (devs) might leave it on, and keep flooding the console.

Enabling and disabling that is a good idea, although from your original issue, "data leaking" this is not going to help, but for an advance user or dev, this can be easily set as global value to see the data.

juanfranblanco commented 2 years ago

Done