We can create a Webpage on a separate domain (like vault.superhero.com) holding the mnemonic phrase in its localStorage. This webpage should provide an interface via postMessage to the SW domain:
- to generate/set the mnemonic phrase;
- to sign arbitrary data;
- to remove the mnemonic phrase.

Removing/overriding the mnemonic phrase can be done only with the user's confirmation in a popup opened on the Webpage domain.
The user won't notice this change, except for the mnemonic removal confirmation. And SW would protect itself from accidental mnemonic removal or exposing a private key. You can continue active development of the wallet with fewer risks, making changes to the Webpage only if necessary. The downside of this approach is that running an extra JS context (a hidden Webpage iframe) requires some resources.
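
An added example, not part of the original proposal or the wallet's code: one way the vault page's message handler could enforce the interface described above. The wallet origin, the method names (`setMnemonic`, `sign`, `removeMnemonic`) and the injected `confirm`, `generate` and `sign` helpers are assumptions.

```javascript
// Added example; every name here is hypothetical, not the wallet's real API.
const WALLET_ORIGIN = 'https://wallet.superhero.com'; // assumed SW origin
const KEY = 'mnemonic';

// storage: localStorage-like; confirm: opens the vault's own popup, resolves to a boolean;
// generate/sign: the wallet's key routines, injected so this handler stays scheme-agnostic.
function createVaultHandler({ storage, confirm, generate, sign, allowedOrigin = WALLET_ORIGIN }) {
  return async function handle(event) {
    // event.origin is set by the browser; ignore every sender except the wallet.
    if (event.origin !== allowedOrigin) return null;
    const { id, method, params = {} } = event.data || {};
    const has = storage.getItem(KEY) !== null;
    try {
      switch (method) {
        case 'setMnemonic': // generate when no phrase is supplied
          // Overriding an existing phrase requires the user's confirmation.
          if (has && !(await confirm('Replace the stored mnemonic?'))) throw new Error('rejected by user');
          storage.setItem(KEY, params.mnemonic ?? generate());
          return { id, result: true }; // the phrase is never sent back
        case 'sign':
          if (!has) throw new Error('no mnemonic');
          return { id, result: await sign(storage.getItem(KEY), params.data) };
        case 'removeMnemonic':
          if (has && !(await confirm('Remove the stored mnemonic?'))) throw new Error('rejected by user');
          storage.removeItem(KEY);
          return { id, result: true };
        default: // no method exports the phrase or a private key
          throw new Error('unknown method');
      }
    } catch (e) {
      return { id, error: e.message };
    }
  };
}

// Wiring on the vault page: reply only to the origin that passed the check.
function attachVault(win, deps) {
  const handle = createVaultHandler({ storage: win.localStorage, ...deps });
  win.addEventListener('message', async (event) => {
    const reply = await handle(event);
    if (reply) event.source.postMessage(reply, event.origin);
  });
}
```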