Token id validation - Githubissues

envoylabs / whoami

An NFT-based user and smart contract nameservice

Apache License 2.0

16 stars 8 forks source link

Token id validation #39

Closed the-frey closed 2 years ago

the-frey commented 2 years ago

We probably need some basic rules in place in terms of what is acceptable to avoid borkage.

the-frey commented 2 years ago

Alphanumeric-only?

A domain name can be up to 63 characters (letters, numbers or combination) long plus the 4 characters used to identify the domain extension (.com, .net, .org). The only symbol character domain names can include is a hyphen (-) although the domain name cannot start or end with a hyphen nor have consecutive hyphens. Common symbols such as asterisks (*), under scores (_), and exclamation points (!) are not allowed.

Feels like we should basically allow the regex [A-z0-9\_\-]

That would allow:

th3fr3y
the-frey
_thefrey
the_frey
the--frey (this is the only one I'm unsure about. Single hyphen/underscore only?)

the-frey commented 2 years ago

@danwlsn any thoughts on this?

danwlsn commented 2 years ago

Happy with the keeping it simple; alphanumerical, hyphens and underscores.

A couple of notes I would add though. You have A-z but I believe it should be lower case? I wouldn't want to have to battle off danWlsn when I'm the real danwlsn.

I'm in favour of only allowing single hyphen and underscore. Double underscore is too similar. the_frey the__frey

the-frey commented 2 years ago

A couple of notes I would add though. You have A-z but I believe it should be lower case?

Yes, very good point, I think at the moment we don't even auto-downcase before save. Eek.

I'm in favour of only allowing single hyphen and underscore. Double underscore is too similar.

Yep, also agreed, in some fonts it's definitely confusing enough to be a pathway to impersonating others, especially if a browser font supports ligatures.

Thanks for the sense-check.