Add risk warning and decoding to message signing#63

Open
Jim8y wants to merge 3 commits into neoorder:master from Jim8y:codex/sign-message-risk-warning

Jim8y commented Jun 21, 2026

Contributor

What

SignMessagePopup showed only the raw message payload (often hex/base64) with no risk framing — classic blind-signing. This adds:

  • A prominent risk warning banner ('only sign messages from sites you trust; never sign an unexpected/unreadable request').
  • A best-effort decode that surfaces the human-readable message when the payload is hex or base64 encoded, shown below the raw value.

Notes

  • Conflict-checked: SignMessagePopup is touched by no open PR (Add transaction preview v2 #50's transaction-preview work is on SendTransactionPopup, a different popup).
  • Builds clean for net10.0-android (0 errors).

SignMessagePopup showed only the raw (often hex/base64) payload with no framing,
so users blind-signed opaque blobs. Add a prominent risk warning and a best-effort
decode that surfaces the human-readable message when the payload is hex/base64.
Builds for net10.0-android (0 errors).
Copilot AI review requested due to automatic review settings June 21, 2026 12:24

Copilot AI left a comment

Pull request overview

Adds user-facing anti–blind-signing context to the message signing flow by introducing a prominent risk warning and a best-effort “decoded” view of message payloads (hex/base64) in SignMessagePopup, plus new localized strings to support the UI.

Changes:

  • Add localized strings for a sign-message risk warning and a decoded-message label.
  • Update SignMessagePopup UI to show a warning banner and (when available) a decoded message section.
  • Add best-effort decoding logic in SignMessagePopup.xaml.cs to surface human-readable content.

Reviewed changes

Copilot reviewed 5 out of 6 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| OneGateApp/Properties/Strings.resx | Adds new base (English) resource strings for decoded message and risk warning. |
| OneGateApp/Properties/Strings.zh-Hans.resx | Adds Simplified Chinese translations for the new strings. |
| OneGateApp/Properties/Strings.zh-Hant.resx | Adds Traditional Chinese translations for the new strings. |
| OneGateApp/Properties/Strings.Designer.cs | Exposes the new resource keys via strongly-typed properties. |
| OneGateApp/Controls/Popups/SignMessagePopup.xaml | Adds the warning banner and conditional decoded-message UI section. |
| OneGateApp/Controls/Popups/SignMessagePopup.xaml.cs | Implements best-effort decoding and binds it into the popup view model. |
Files not reviewed (1)
  • OneGateApp/Properties/Strings.Designer.cs: Generated file

Comment thread OneGateApp/Controls/Popups/SignMessagePopup.xaml.cs
Comment thread OneGateApp/Controls/Popups/SignMessagePopup.xaml.cs Outdated
Comment thread OneGateApp/Controls/Popups/SignMessagePopup.xaml.cs Outdated
Comment thread OneGateApp/Properties/Strings.resx

Jim8y commented Jun 21, 2026

Contributor Author

Handled the open #63 review threads.

Changes:

  • Cached ReadableMessage when Message or IsBase64Encoded changes, so XAML bindings no longer repeatedly parse/allocate.
  • Passed options.IsBase64Encoded from LaunchDAppPage.SignMessage() into the popup.
  • Removed heuristic hex decoding from the signing popup. The readable preview now appears only when the actual signed payload is base64-decoded by the signing path, avoiding a misleading preview for raw UTF-8 or hex-looking strings.
  • Added a 16 KiB preview input guard and only catch expected decode exceptions (FormatException / ArgumentException).
  • Added DecodedMessage and SignMessageRiskWarning to all locale resource files; resource parity is now 15 files / 285 keys.
  • Merged current origin/master into the branch with no conflicts.

Validation:

  • git diff --check
  • Conflict scan with rg -n "<<<<<<<|=======|>>>>>>>" OneGateApp
  • Resource parity checked: 15 resource files, 285 keys
  • iOS simulator build/install/launch verified, then Wallet -> Send UI verified
  • Android emulator build/install/launch verified, then Wallet -> Send UI verified
  • Android crash buffer remained empty after launch and navigation

Note:

  • I did not submit a real dApp signature during simulator QA; the sign-message path is covered by compile-time verification and the popup binding/resource changes, while the simulator smoke test confirms the final build starts and navigates cleanly on both platforms.

Screenshots:
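
The preview rules listed in the comment above (preview only for base64 payloads, a 16 KiB input guard, only `FormatException` / `ArgumentException` caught), as an added C# example that is not the PR's code. `ReadablePreview`, `TryDecode`, the strict UTF-8 decoder, measuring the guard in encoded characters, and the control-character check are assumptions made for illustration.

```csharp
#nullable enable
using System;
using System.Text;

// Added example, not the OneGate source. ReadablePreview and TryDecode are
// hypothetical names; the rules follow the PR comment above.
public static class ReadablePreview
{
    // 16 KiB input guard from the PR comment. Applying it to the length of
    // the encoded string (in chars) is an assumption.
    private const int MaxPreviewInputChars = 16 * 1024;

    // Strict UTF-8: invalid byte sequences throw DecoderFallbackException
    // (a subclass of ArgumentException) instead of silently becoming U+FFFD.
    private static readonly UTF8Encoding StrictUtf8 =
        new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true);

    // Returns the text to show under the raw payload, or null for "no preview".
    public static string? TryDecode(string? message, bool isBase64Encoded)
    {
        // No heuristics: a preview exists only when the signing path itself
        // will base64-decode the payload, so the user sees what gets signed.
        if (!isBase64Encoded || string.IsNullOrEmpty(message)) return null;
        if (message.Length > MaxPreviewInputChars) return null;

        try
        {
            byte[] bytes = Convert.FromBase64String(message);
            string text = StrictUtf8.GetString(bytes);
            // Assumption beyond the PR: binary-looking text gets no preview.
            foreach (char c in text)
                if (char.IsControl(c) && c != '\n' && c != '\r' && c != '\t') return null;
            return text;
        }
        catch (FormatException) { return null; }   // not valid base64
        catch (ArgumentException) { return null; } // bytes are not valid UTF-8
    }

    public static void Main()
    {
        // Constructed sample payloads.
        Console.WriteLine(TryDecode("SGVsbG8gTmVv", true) ?? "<no preview>");  // valid base64 text
        Console.WriteLine(TryDecode("SGVsbG8gTmVv", false) ?? "<no preview>"); // flag off: raw string is signed
        Console.WriteLine(TryDecode("deadbeef", false) ?? "<no preview>");     // hex-looking, no heuristic decode
        Console.WriteLine(TryDecode("//8=", true) ?? "<no preview>");          // decodes to invalid UTF-8
        Console.WriteLine(TryDecode(new string('A', 20000), true) ?? "<no preview>"); // over the guard
    }
}
```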
