xxB-2024-003: Haven Browser Extension Implementation

Good evening to all of you,

We want to present the completion of our initial bounty, the API Design. I’m also glad to share some initial work that we have been doing that led to an MVP regarding our testing out the API design.

As attached, there are 2 PDFs, the initial one named API Design, representing the technical details, and the 2nd one named Flow, representing a high-level overview.

xxnetwork - API.pdf (72.5 KB)
xxnetwork - Flow.pdf (39.6 KB)

To see our MVP working, I’d like to share this video, which can be previewed at this link.
The GitHub repo can be found here (link)

I’d like to share the following considerations we have made while designing this:

  • We intend to apply DOMPurify, an HTML/JS cleaner that will significantly reduce a potential XSS attack.

  • We looked into encrypting the data within a 3rd party storage system (cloud-based); however, as our research showed, extensions are sufficiently isolated from the browser to not bear a significant risk that would need an additional encrypted storage. (ref: Content scripts | Chrome Extensions | Chrome for Developers)

  • We are pursuing the following general logic for next steps and implementation:

    • The web app directly pushes data to the extension, as there won’t be any need for holding authentication values in local storage. If there is no extension, it will create the local storage (xx network side will adjust the part of the web app, and local storage as discussed with @rick).
  • As the data is going to be pushed straight from the web application to the extension through the Chrome API, there won’t be any additional need for encryption in the transportation system.

  • We researched and tested a potential synchronous IndexedDB implementation (on request of @rick), although we deemed it as not feasible within the existing bounty implementation. However, this is feasible, so it is possible for a secondary bounty by a 3rd party.

Our next steps will be to work on the Go library modifications and continue our MVP into the next stage, alongside the remaining extension design.

We would like to invite any xx.network or interested parties to share with us their questions or criticism, as this stage is very favourable before the implementation of our created design/architecture.

Thank you, and talk soon.

If you’d like to refrain from downloading any documents, I have taken the liberty to upload all files in this Proton Drive

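The post relies on the web app pushing data straight to the extension through the Chrome API without transport encryption, which makes the extension's check of who is sending the message the control that matters. The following is an added example, not code from the post or the project's repository: it assumes the push uses `externally_connectable` messaging (`chrome.runtime.onMessageExternal`), and the origin `https://haven.example`, the `storage.set` message shape and the size limit are hypothetical placeholders.

```javascript
// Added example: extension-side gate for data pushed by the web app.
// ALLOWED_ORIGINS and the message shape are assumptions, not the project's values.
const ALLOWED_ORIGINS = new Set(["https://haven.example"]); // placeholder origin
const MAX_VALUE_CHARS = 64 * 1024; // constructed limit

// Returns { ok: true, key, value } or { ok: false, reason } without throwing.
function validatePush(message, sender) {
  // sender.origin is filled in by the browser, not by the page that sent the message.
  if (!sender || !ALLOWED_ORIGINS.has(sender.origin)) {
    return { ok: false, reason: "origin" };
  }
  if (message === null || typeof message !== "object" || Array.isArray(message)) {
    return { ok: false, reason: "shape" };
  }
  const { type, key, value } = message;
  if (type !== "storage.set") return { ok: false, reason: "type" };
  // Restrict keys to a fixed alphabet and length so page input cannot use arbitrary names.
  if (typeof key !== "string" || !/^[A-Za-z0-9_.-]{1,64}$/.test(key)) {
    return { ok: false, reason: "key" };
  }
  if (typeof value !== "string" || value.length > MAX_VALUE_CHARS) {
    return { ok: false, reason: "value" };
  }
  return { ok: true, key, value };
}

// Wire the gate into the extension only when the Chrome API is present,
// so the validation logic can also be exercised outside the browser.
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessageExternal) {
  chrome.runtime.onMessageExternal.addListener((message, sender, sendResponse) => {
    const result = validatePush(message, sender);
    if (!result.ok) {
      sendResponse({ ok: false, reason: result.reason });
      return false;
    }
    chrome.storage.local
      .set({ [result.key]: result.value })
      .then(() => sendResponse({ ok: true }))
      .catch(() => sendResponse({ ok: false, reason: "storage" }));
    return true; // keep the channel open for the async response
  });
}
```

The manifest's `externally_connectable.matches` list should name the same origins, so the browser rejects other pages before the handler runs and the handler's check acts as a second layer.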