Domain validation is not fully compliant with IDNA 2008 (either in
EmailValidator or UrlValidator) as defined in
[https://datatracker.ietf.org/doc/html/rfc5891#section-4.2 RFC5891
section-4.2].
A domain name cannot be validated properly with a regex; therefore, an IDN
validation should be performed with an appropriate library.
The current validation ignores IDNA errors. Instead, IDNA should be used
for domain validation and the regex validation should be skipped for
domains as it may lack some specific rules and then end up with invalid
domains being accepted.
Moreover, the current validation is made by performing a conversion to
A-Label with the Python `encodings.idna` module which implements a
deprecated standard (IDNA 2003).
This conversion should be made IDNA 2008 compliant. The most used Python
IDNA 2008 package is [https://pypi.org/project/idna/ idna], which is among
the most downloaded Python packages according to PyPI (4th for the
current month) and is referred to in the
[https://docs.python.org/3/library/codecs.html#module-encodings.idna
official Python documentation].
--
Ticket URL: <https://code.djangoproject.com/ticket/33968>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
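The divergence the ticket description refers to, as an added example that is not part of the ticket and not Django code: it converts a few constructed sample domains to A-labels with the standard-library `idna` codec (IDNA 2003) and, when the third-party `idna` package is installed, with IDNA 2008. The helper names and the sample domains are assumptions made for the illustration.

```python
# Added example (not Django code): IDNA 2003 (stdlib codec) vs IDNA 2008.
try:
    import idna  # third-party package from PyPI, optional here
except ImportError:
    idna = None

# Constructed sample domains.
SAMPLES = ["faß.de", "☃.com", "bücher.example"]


def to_alabel_2003(domain):
    """A-label from the stdlib codec (IDNA 2003), or None if it fails."""
    try:
        return domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def to_alabel_2008(domain):
    """(A-label, error) from the idna package; A-label is None on error."""
    if idna is None:
        return None, "idna package not installed"
    try:
        return idna.encode(domain).decode("ascii"), None
    except idna.IDNAError as exc:
        return None, f"{type(exc).__name__}: {exc}"


def compare(domain):
    """Run both conversions and report whether the results differ."""
    old = to_alabel_2003(domain)
    new, err = to_alabel_2008(domain)
    return {
        "domain": domain,
        "idna2003": old,
        "idna2008": new,
        "error": err,
        # Only meaningful when the IDNA 2008 package is available.
        "diverges": idna is not None and old != new,
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(compare(sample))
```

With IDNA 2003, `faß.de` is silently mapped to `fass.de` and the symbol label `☃` is accepted, while IDNA 2008 keeps `ß` as a distinct character and rejects the symbol.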
* cc: Florian Apolloner (added)
* resolution: => wontfix
* status: new => closed
* component: Core (Mail) => Core (Other)
* type: Uncategorized => New feature
Comment:
Thanks for this ticket, however adding a new dependency is always
controversial and it isn't a light decision so a strong consensus on the
mailing list is required. Please first start a discussion on the
DevelopersMailingList, where you'll reach a wider audience and see what
others think, and
[https://docs.djangoproject.com/en/stable/internals/contributing/bugs-and-features/#requesting-features
follow the guidelines with regards to requesting features].
Personally, I don't think it's worth the complexity. My initial response
would be similar to Python's, i.e. ''"If you need the IDNA 2008 standard
from RFC 5891 and RFC 5895, use a third-party validator"''.
--
Ticket URL: <https://code.djangoproject.com/ticket/33968#comment:1>
Comment (by j-bernard):
Thanks, I started the discussion on the
[https://groups.google.com/g/django-developers/c/h80ELFgsess mailing list].
--
Ticket URL: <https://code.djangoproject.com/ticket/33968#comment:2>