activeAccountChanged Event fires without permissions

[chilligerchief]

I noticed a security issue in the xperience wallet extension:

The activeAccountChanged fires, even though I never requested permissions for the web app.
This is obviously unintended behaviour since the documentation states that it only fires, if the permissions are set.

As with the other issue I reported, this should be fixed in the wallet extension, I only report this here because there is no repo where this report fits better.

[chilligerchief]

@kayac-parallel-chain can you comment on the status of this issue? As with the other issue, are there plans to make the wallet extension open source, so I can contribute to that. SInce this is a security issue this should be fixes as soon as possible.

[chilligerchief]

Seems like it is fixed now. The event does not fire, if the permissions are not granted.

However, I can still register the event listener, which seems weird.
I would excpect, that registering the event listener would fail instead of simply not firing the event.

However, the functionality works now as described as in the documentation, therefore, I leave it up to you @kayac-parallel-chain to change this to a feature request for the next version or to close the issue.