It’s taking me longer than expected to review all of the Unicode characters.
To solve the emoji issue in the short term, I’ve built another variant of my library which I’m calling compat, which uses the current ENS rules (IDNA 2003 w/compat) but uses UTS-51 emoji parsing and my safe modifications (CheckBidi, ContextJ, ContextO, SEQ and ZWJ whitelist, enable a few additional emoji, enable underscore, disable alternative stops.)
Here is an updated report using this library. I’ve also included it into the emoji report.. The errors are almost exclusively names that are obviously malicious. There are 14 bidi errors.
This library is available on npm as @adraffy/ens-normalize. To access the compat build, use:
import {ens_normalize} from '@adraffy/ens-normalize/dist/ens-normalize-compat.js';
let norm = ens_normalize('rAffy💩️.eth'); // throws if invalid
If anyone is adventurous, please give this a test. It should be a straight upgrade relative to existing libraries.
The library is 37 KB. It includes its own implementation of NFC (16KB). Once I figure out why the standard JS implementation is wrong, I can potentially drop this from the payload. Additionally, if the community decides the CheckBidi isn’t necessary, that saves another 5KB.