From ca945b3bfdc0dea6ba36d7c5d0d5506e093f7da0 Mon Sep 17 00:00:00 2001 From: Dan Finlay Date: Wed, 15 Nov 2017 14:35:22 -0800 Subject: [PATCH] Add phishing warning --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 89bc4bb..0233e05 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,17 @@ var input = getUserInput() var normalized = namehash.normalize(input) ``` +## Security Warning + +ENS Supports UTF-8 characters, and so many duplicate names are possible. For example: + +- faceboŠ¾k.eth +- facebook.eth + +The first one has non-ascii chars. (control+F on this page and search for facebook, only the second one will match). + +namehash.normalize() doesn't automagically remap those, and so other precautions should be taken to avoid user phishing. + ## Development This module supports advanced JavaScript syntax, but exports an ES5-compatible module. To re-build the exported module after making changes, run `npm run bundle` (must have [browserify](http://browserify.org/) installed).