Validate domains against IDNA2008 instead of IDNA2003?
71 views
Skip to first unread message
Tim Graham
Sep 2, 2015, 5:35:22 PM9/2/15
to Django developers (Contributions to Django itself)
Quoting this ticket: https://code.djangoproject.com/ticket/25337
"""
IDNA domains validation is a mess, anyway, it's going forward, and IDNA2008 refines IDNA2003 proposal to better define what is a valid IDN domain and what is not.
ICANN/IANA [https://www.icann.org/resources/pages/idn-guidelines-2011-09-02-en recommends using IDNA2008]
However, python standard lib [https://docs.python.org/3/library/codecs.html?highlight=idna#module-encodings.idna only offers IDNA2003] validation in , and one have to use [https://pypi.python.org/pypi/idna a 3rd party lib] to encode/validate against IDNA2008.
Currently, on URLValidator, EmailValidator ([https://code.djangoproject.com/ticket/18119 and soon DomainNameValidator ?]), Django relies on Python builtin `str.encode('idna')`.
I don't come with a solution for Django, and I know that Django avoid to depend on 3rd-party libs.
However I do think that it would be a good thing that Django validates domains against IDNA2008.
What do you think?
"""
"""
IDNA domains validation is a mess, anyway, it's going forward, and IDNA2008 refines IDNA2003 proposal to better define what is a valid IDN domain and what is not.
ICANN/IANA [https://www.icann.org/resources/pages/idn-guidelines-2011-09-02-en recommends using IDNA2008]
However, python standard lib [https://docs.python.org/3/library/codecs.html?highlight=idna#module-encodings.idna only offers IDNA2003] validation in , and one have to use [https://pypi.python.org/pypi/idna a 3rd party lib] to encode/validate against IDNA2008.
Currently, on URLValidator, EmailValidator ([https://code.djangoproject.com/ticket/18119 and soon DomainNameValidator ?]), Django relies on Python builtin `str.encode('idna')`.
I don't come with a solution for Django, and I know that Django avoid to depend on 3rd-party libs.
However I do think that it would be a good thing that Django validates domains against IDNA2008.
What do you think?
"""
Raphael Michel
Sep 2, 2015, 5:51:27 PM9/2/15
to Tim Graham, Django developers (Contributions to Django itself)
Hi,
Am Wed, 2 Sep 2015 14:35:22 -0700 (PDT)
schrieb Tim Graham <timog...@gmail.com>:
However, I believe it could be good idea to have the 3rd-party idna
package as an optional dependency that Django makes use of if present
but works completely without it.
Cheers,
Raphael
Am Wed, 2 Sep 2015 14:35:22 -0700 (PDT)
schrieb Tim Graham <timog...@gmail.com>:
> However, python standard lib [
> https://docs.python.org/3/library/codecs.html?highlight=idna#module-encodings.idna
> only offers IDNA2003] validation in , and one have to use [
> https://pypi.python.org/pypi/idna a 3rd party lib] to encode/validate
> against IDNA2008.
If I do not miss something, this is a "bug" in Python and not in Django.
> https://docs.python.org/3/library/codecs.html?highlight=idna#module-encodings.idna
> only offers IDNA2003] validation in , and one have to use [
> https://pypi.python.org/pypi/idna a 3rd party lib] to encode/validate
> against IDNA2008.
However, I believe it could be good idea to have the 3rd-party idna
package as an optional dependency that Django makes use of if present
but works completely without it.
Cheers,
Raphael
Reply all
Reply to author
Forward
0 new messages