From be347155e87bdfe14948f3a871fcfe24948f6b93 Mon Sep 17 00:00:00 2001
From: sneak
Date: Thu, 26 Feb 2026 03:57:23 +0700
Subject: [PATCH] Check per-address permissions before broadcasting accountsChanged

When the active address changes, each tab now receives either the new address (if permitted) or an empty array (if not). This prevents dapps from seeing an address they have no permission for, which caused them to break.
---
 src/background/index.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/background/index.js b/src/background/index.js
index 77d0958..7f980f6 100644
--- a/src/background/index.js
+++ b/src/background/index.js
@@ -330,18 +330,25 @@ async function handleRpc(method, params, origin) {
 return { error: { message: "Unsupported method: " + method } };
 }
-// Broadcast accountsChanged to all tabs
+// Broadcast accountsChanged to all tabs, respecting per-address permissions
 async function broadcastAccountsChanged() {
+ const s = await getState();
 const activeAddress = await getActiveAddress();
- const accounts = activeAddress ? [activeAddress] : [];
+ const allowed = activeAddress ? s.allowedSites[activeAddress] || [] : [];
 tabsApi.query({}, (tabs) => {
 for (const tab of tabs) {
+ const origin = tab.url ? new URL(tab.url).origin : "";
+ const hostname = extractHostname(origin);
+ const hasPermission =
+ activeAddress &&
+ (allowed.includes(hostname) ||
+ connectedSites[origin + ":" + activeAddress]);
 tabsApi.sendMessage(
 tab.id,
 {
 type: "AUTISTMASK_EVENT",
 eventName: "accountsChanged",
- data: accounts,
+ data: hasPermission ? [activeAddress] : [],
 },
 () => {
 // Ignore errors for tabs without content script
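Review bot: The permission decision inside the `for` loop is taken from the tab's top-level `tab.url`, but `tabsApi.sendMessage(tab.id, ...)` is called with no frame option, so the same payload reaches every frame in that tab that runs the content script. If the content script is also injected into subframes (not visible in this hunk), a cross-origin iframe embedded in a permitted page would still receive `[activeAddress]`; restricting delivery to the top frame, for example by passing `{ frameId: 0 }` as the options argument if `tabsApi` forwards it, or resolving the origin per frame, would close that gap. Separately, `new URL(tab.url)` throws on a value it cannot parse, and an exception there ends the loop for all remaining tabs, so I would derive the origin as `let origin = ""; try { origin = new URL(tab.url).origin; } catch { /* treat as no permission */ }`. `allowed.includes(hostname)` matches on hostname only, ignoring scheme and port, which is worth confirming against the check the RPC path applies, ideally by sharing one helper so the two cannot drift. `broadcastAccountsChanged` continues past the end of the hunk.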