[Django] #27290: Email validation doesn't check length
Django
-------------------------------+--------------------
Reporter: kyoki | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 1.10
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Django's {{{ validate_email }}}/{{{EmailValidator}}} doesn't properly
check the length of emails as defined in RFC3696. The local part should be
restricted to 64 characters and the domain to 255. The overall email
address length is restricted to 256 characters in RFC 2821.
--
Ticket URL: <https://code.djangoproject.com/ticket/27290>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: kyoki | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 1.10
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Lewis Cowles):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Comment:
Replying to [ticket:27290 kyoki]:
> Django's {{{ validate_email }}}/{{{EmailValidator}}} doesn't properly
check the length of emails as defined in RFC3696. The local part should be
restricted to 64 characters and the domain to 255. The overall email
address length is restricted to 256 characters in RFC 2821.
The maximum length of an email address is 254 as in RFC 5321 it states
"The maximum total length of a reverse-path or forward-path is 256
characters". With two chars taken up, 254 is all we are left with.
**Sources:**
http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a
-valid-email-address
http://www.rfc-editor.org/errata_search.php?rfc=3696&eid=1690
--
Ticket URL: <https://code.djangoproject.com/ticket/27290#comment:1>
Django
Reporter: kyoki | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 1.10
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Moritz Sichert):
This is possibly a duplicate of #26423. The consensus there is to use less
complex HTML5 validation rules instead of trying to validate an address
exactly according to the RFCs.
Also one problem I can immediately think of is how you would count the
length of unicode characters: For the purposes of validation should the
length of `ä@foo` be 5 or 6?
--
Ticket URL: <https://code.djangoproject.com/ticket/27290#comment:2>
Django
Reporter: kyoki | Owner: nobody
Type: Bug | Status: closed
Component: Core (Other) | Version: 1.10
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham):
* status: new => closed
* resolution: => wontfix
* component: Uncategorized => Core (Other)
Comment:
Yes, I don't think there's any change to make here in light of #26423.
--
Ticket URL: <https://code.djangoproject.com/ticket/27290#comment:3>