DEV Community

Discussion on: Finally authenticating Rails users with MetaMask

Luke Schoen

It mentions that in the login form you can hide the field values that are generated (address, custom message (including the website title, the user's nonce, and the current timestamp), and signature) since JavaScript can handle the content, and that the user will only interact with the button and the browser extension. But if you did that, then the user may not know what they're signing. Whilst I think it's now possible to view the custom message in a browser extension like MetaMask when they're actually signing it with their Ethereum account, it may not be clear what those values represent when they appear on the MetaMask page where they're prompted to sign. So perhaps it's better to first display and explain what the custom message contains on the frontend page itself so the users understand, or if it's possible to provide information about each part of the custom message to MetaMask when they click to log in, and update the MetaMask codebase so the user can toggle a view that explains more information about what parts of the custom message mean within the MetaMask signature window's prompt.