[Django] #27290: Email validation doesn't check length

12 views
Skip to first unread message

Django

unread,
Sep 28, 2016, 7:01:43 PM9/28/16
to django-...@googlegroups.com
#27290: Email validation doesn't check length
-------------------------------+--------------------
Reporter: kyoki | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 1.10
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Django's {{{ validate_email }}}/{{{EmailValidator}}} doesn't properly
check the length of emails as defined in RFC3696. The local part should be
restricted to 64 characters and the domain to 255. The overall email
address length is restricted to 256 characters in RFC 2821.

--
Ticket URL: <https://code.djangoproject.com/ticket/27290>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Sep 30, 2016, 6:02:31 AM9/30/16
to django-...@googlegroups.com
#27290: Email validation doesn't check length
-------------------------------+--------------------------------------

Reporter: kyoki | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 1.10
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Lewis Cowles):

* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0


Comment:

Replying to [ticket:27290 kyoki]:


> Django's {{{ validate_email }}}/{{{EmailValidator}}} doesn't properly
check the length of emails as defined in RFC3696. The local part should be
restricted to 64 characters and the domain to 255. The overall email
address length is restricted to 256 characters in RFC 2821.

The maximum length of an email address is 254 as in RFC 5321 it states
"The maximum total length of a reverse-path or forward-path is 256
characters". With two chars taken up, 254 is all we are left with.

**Sources:**
http://stackoverflow.com/questions/386294/what-is-the-maximum-length-of-a
-valid-email-address
http://www.rfc-editor.org/errata_search.php?rfc=3696&eid=1690

--
Ticket URL: <https://code.djangoproject.com/ticket/27290#comment:1>

Django

unread,
Sep 30, 2016, 6:20:47 AM9/30/16
to django-...@googlegroups.com
#27290: Email validation doesn't check length
-------------------------------+--------------------------------------

Reporter: kyoki | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: 1.10
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------

Comment (by Moritz Sichert):

This is possibly a duplicate of #26423. The consensus there is to use less
complex HTML5 validation rules instead of trying to validate an address
exactly according to the RFCs.

Also one problem I can immediately think of is how you would count the
length of unicode characters: For the purposes of validation should the
length of `ä@foo` be 5 or 6?

--
Ticket URL: <https://code.djangoproject.com/ticket/27290#comment:2>

Django

unread,
Oct 1, 2016, 10:12:51 AM10/1/16
to django-...@googlegroups.com
#27290: Email validation doesn't check length
------------------------------+--------------------------------------
Reporter: kyoki | Owner: nobody
Type: Bug | Status: closed
Component: Core (Other) | Version: 1.10
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Changes (by Tim Graham):

* status: new => closed
* resolution: => wontfix
* component: Uncategorized => Core (Other)


Comment:

Yes, I don't think there's any change to make here in light of #26423.

--
Ticket URL: <https://code.djangoproject.com/ticket/27290#comment:3>

Reply all
Reply to author
Forward
0 new messages