[Django] #27029: invalid email addresses input django validate_email
Django
------------------------------+----------------------------------
Reporter: RaminFP | Owner: Ramin Farajpour Cami
Type: Bug | Status: new
Component: Core (Other) | Version: 1.10
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+----------------------------------
{{{
from django.core.validators import validate_email
validate_email('γγγγγ@email.com')
}}}
if you check this url email chacker with γγγγγ@address.com , this is
not valid email address ,
Thanks,
Ramin
--
Ticket URL: <https://code.djangoproject.com/ticket/27029>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Component: Core (Other) | Version: 1.10
Keywords: | Triage Stage:
| Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* status: new => closed
* needs_better_patch: => 0
* resolution: => duplicate
* needs_tests: => 0
* needs_docs: => 0
Comment:
Sure thing!
Duplicate of #26423
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:1>
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Type: Bug | Status: new
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* status: closed => new
* has_patch: 0 => 1
* version: 1.10 => master
* resolution: duplicate =>
* stage: Unreviewed => Accepted
Comment:
Reopening as I have a patch which targets this specific issue.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:2>
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Type: Bug | Status: new
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by RaminFP):
Replying to [comment:2 claudep]:
> Reopening as I have a patch which targets this specific issue.
Hi,
Thanks a lot,
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:3>
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Type: Bug | Status: new
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:4>
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Type: Bug | Status: new
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by claudep):
I'm just wondering, is there still a use case to keep ASCII-only
validation (and hence provide `validate_email_ascii`)?
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:5>
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Type: Bug | Status: new
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by timgraham):
Not sure, maybe you want to ask on the DevelopersMailingList. I guess
usage might be a bit difficult until #25594 is fixed.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:6>
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Type: Bug | Status: new
Severity: Normal | Resolution:
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* stage: Ready for checkin => Accepted
Comment:
I just tested Firefox and Chrome email validation, and they don't accept
non-ASCII in the local part.
In any case, I think we should provide both validators (ASCII-only and
Unicode). It might be a bit too soon to unconditionally allow Unicode in
emails.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:7>
Django
Reporter: RaminFP | Owner: Ramin
| Farajpour Cami
Type: Bug | Status: new
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* needs_better_patch: 0 => 1
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:8>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Changes (by timgraham):
* type: Bug => Cleanup/optimization
Comment:
See #21859 for a documentation request to clarify the state of
ASCII/Unicode email addresses in Django.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:9>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:10>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by RaminFP):
Hi Tim,
Please merge PR ,
Thanks
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:11>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by claudep):
Hey RaminFP,
I plan to come with a new patch, with two versions of the email validator.
I don't think that non-ASCII local parts of email addresses are widespread
enough to set it by default. The idea is that you could easily opt-in for
the Unicode validator of your choice when you define the field in your
models.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:12>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by RaminFP):
Replying to [comment:12 claudep]:
> Hey RaminFP,
> I plan to come with a new patch, with two versions of the email
validator. I don't think that non-ASCII local parts of email addresses are
widespread enough to set it by default. The idea is that you could easily
opt-in for the Unicode validator of your choice when you define the field
in your models.
Will be fix in new version 1.11? i can make suggestions to fix?
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:13>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by claudep):
Yes, the plan is clearly to include that in 1.11. We still have some
months ahead :-)
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:14>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by RaminFP):
Replying to [comment:14 claudep]:
> Yes, the plan is clearly to include that in 1.11. We still have some
months ahead :-)
Owesome, i have one question, you have
[https://github.com/django/django/blob/master/AUTHORS CONTRIBUTORS LIST] i
can add this list? or no i should try for send a lot of report for added
to list contributors?
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:15>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by claudep):
Yes, you are supposed to have done significant work for Django to be
listed there. Of course, that's very subjective, but filling a couple of
reports isn't sufficient for that.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:16>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by RaminFP):
Very good, i like working with Django community always in security and see
code issue for fix it,i see you write PR for this report so I can't add my
name to βCONTRIBUTORS LIST, :((
Thanks,
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:17>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by RaminFP):
Hi,
I see here way Contributing to Django
https://docs.djangoproject.com/en/dev/internals/contributing/
You write PR for patch issue ,this means my name not added?
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:18>
Django
-------------------------------------+-------------------------------------
Reporter: RaminFP | Owner: Ramin
Type: | Farajpour Cami
Cleanup/optimization | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by timgraham):
Yes, we add to AUTHORS based on code contributions not bug reports.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:19>
Django
-------------------------------------+-------------------------------------
Cami | Puysseleir
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Wout De Puysseleir):
* owner: Ramin Farajpour Cami => Wout De Puysseleir
* needs_better_patch: 1 => 0
* status: new => assigned
Comment:
[https://github.com/django/django/pull/7498 PR]
I've added a new patch for this.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:20>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: Wout De
Cami | Puysseleir
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Florian Apolloner):
* needs_better_patch: 0 => 1
Comment:
I am against this patch, adding more regular expressions is the wrong way
to go. I'd like to propose to change the current email validator to just
check if "@" is in the address and be done with it. See also
https://davidcel.is/posts/stop-validating-email-addresses-with-regex/ -- I
think this is something which should have a bit of discussion on the
mailing list.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:21>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: Wout De
Cami | Puysseleir
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Changes (by Florian Apolloner):
* cc: Florian Apolloner (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:22>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: Wout De
Cami | Puysseleir
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by Tim Graham):
Ideas about simplification are discussed in #26423 and
[https://groups.google.com/d/topic/django-
developers/ASBJ0ge2KYo/discussion on the django-developers mailing list].
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:23>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: Wout De
Cami | Puysseleir
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Comment (by Collin Anderson):
if we do allow non-ascii, I wonder if we should be sure the email is
"printable" (not allow hidden characters like '\u200b')
https://docs.python.org/3/library/stdtypes.html#str.isprintable
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:24>
Django
Reporter: Ramin Farajpour Cami | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Changes (by Mariusz Felisiak):
* owner: Wout De Puysseleir => (none)
* status: assigned => new
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:25>
Django
--------------------------------------+------------------------------------
Reporter: Ramin Farajpour Cami | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by j-bernard):
Commenting here since #33967 has been closed as a duplicate.
Unicode in local-part is allowed by the latest standards, therefore
`EmailValidator` is preventing valid email addresses to be used in Django.
Making the current regex allow Unicode characters instead of `[0-9A-Z]`
would do the trick.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:26>
Django
--------------------------------------+------------------------------------
Reporter: Ramin Farajpour Cami | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by j-bernard):
I submitted this [https://github.com/django/django/pull/16181 PR]. I made
it change as little as possible to at least get Unicode local-part valid.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:27>
Django
--------------------------------------+------------------------------------
Reporter: Ramin Farajpour Cami | Owner: (none)
Type: Cleanup/optimization | Status: new
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
* needs_better_patch: 1 => 0
Comment:
Improvement flag was set on prior PR proposing additional regular
expressions. Current [https://github.com/django/django/pull/16181 PR]
simplifies the existing one per
[https://code.djangoproject.com/ticket/27029#comment:26 comment].
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:28>
Django
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* owner: (none) => j-bernard
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:29>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Carlton Gibson):
The new PR seems ''OKβ’'' βΒ for
[https://docs.python.org/3.11/library/re.html#index-34 strings `\w`] is
equivalent to `[a-zA-Z0-9_]` with ASCII, and the unicode examples then
pass.
I worry slightly about bringing in a host of lookalike address
vulnerabilities. π€
I think this needs a discussion to decide the way forward.
1. I'm not convinced this is really a distinct issue to #26423.
2. [The https://groups.google.com/d/topic/django-
developers/ASBJ0ge2KYo/discussion mailing list discussion] was essentially
unanimous to radically simplify here (rather than continue to tweak).
Florian's comment:21 more or less sums it up:
> ...propose to change the current email validator to just check if "@" is
in the address and be done with it.
We've said similar with URLValidator a number of times.
I'm not sure we shouldn't (again) mark this as a duplicate of #26423, re-
purpose that to simplify the validation, make sure ''How to customise
validation'' shows the way forward clearly, and then close everything else
in this area as `wontfix`. π€
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:30>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Claude Paroz):
Different projects have different requirements. What about providing
different validators: a simple one where only `<somechar>`@`<somechar>`
presence is checked, a more elaborate one like the current one, and an
equivalent to the previous allowing unicode. The question then is to
decide which would be the default.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:31>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Carlton Gibson):
I think that sounds quite reasonable Claude.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:32>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by j-bernard):
Here is a little context for my use case. In general, I create my own
validator whenever it's needed to override the default Django behavior but
I have a particular case where django-allauth app is used and is using the
EmailValidator. In that case, I cannot easily override it.
My suggestion would then be to make the default validator more permissive
to get some flexibility in the kind of use case that I have. One can still
include another validation layer on top of that.
If you don't mind implementing a more complex specific validator for
internationalized email addresses it would be better to avoid using only a
regex. I kept it the simplest as I could in my PR because I'm aware that
changing the validator is touchy.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:33>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* needs_better_patch: 0 => 1
Comment:
> My suggestion would then be to make the default validator more
permissive to get some flexibility in the kind of use case that I have.
One can still include another validation layer on top of that.
I don't think we can just swap out the current validation for a looser
one. Folks will be depending on the existing behaviour.
Maybe we can ship a couple of variants, but I'm not sure what switching
method we might allow. I think we need a story there in order to proceed.
π€
I looked at `django-allauth` β it's using the `validate_email` instance,
in various, deeply-nested places β I think an issue over there, to look at
making that pluggable, is needed really. (In the meantime, one could
monkey patch `validate_email` with whatever validator you wanted to adjust
thatβ¦ β again, not something I think we can just swap out from beneath
it.)
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:34>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* cc: Carlos Palol (added)
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:35>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* cc: Collin Anderson (added)
Old description:
> {{{
> from django.core.validators import validate_email
> validate_email('γγγγγ@email.com')
> }}}
>
> if you check this url email chacker with γγγγγ@address.com , this is
> not valid email address ,
>
> Thanks,
> Ramin
New description:
{{{
from django.core.validators import validate_email
validate_email('γγγγγ@email.com')
}}}
if you check this url email chacker with γγγγγ@address.com , this is
not valid email address ,
Thanks,
Ramin
--
Comment:
I'm just noticing today that unicode.org has recommendations on email
security:
https://www.unicode.org/reports/tr39/#Email_Security_Profiles
- It must be in NFKC format
- It must have level = <restriction level> or less, from
`Restriction_Level_Detection`
- It must not have mixed number systems according to
`Mixed_Number_Detection`
- It must satisfy dot-atom-text from RFC 5322 Β§3.2.3, where atext is
extended as follows:
- Where C β€ U+007F, C is defined as in Β§3.2.3. (That is, C β
[!#-'*+\-/-9=?A-Z\^-~]. This list copies what is already in Β§3.2.3, and
follows HTML5 for ASCII.)
- Where C > U+007F, both of the following conditions are true:
- C has `Identifier_Status=Allowed` from General Security Profile
- If C is the first character, it must be `XID_Start` from Default
Identifier_Syntax in [UAX31]
It doesn't recommend which "restriction level" to use, and maybe we should
allow the user to decide what level to use (defaulting to 1: ASCII-Only).
(Also, it would be nice if Python implemented "Mixed-Script Detection",
"Restriction-Level Detection" and "Mixed-Number Detection" as part of
unicodedata.)
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:36>
Django
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
* summary: Make EmailValidator accept non-ASCII characters => Make
EmailValidator accept non-ASCII characters in local part
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:37>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
[Related ticket: #35714 covers Django's SMTP EmailBackend being able to
send to addresses with non-ASCII local parts.]
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:38>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mike Edmunds):
simplification-and-international-email-addresses/39985 forum discussion]
about this ticket (and the maybe-duplicate-maybe-not #26423), to try to
either clarify it or close it wontfix.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:39>
Django
-------------------------------------+-------------------------------------
Reporter: Ramin Farajpour | Owner: j-bernard
Cami |
Type: | Status: assigned
Cleanup/optimization |
Component: Core (Other) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mike Edmunds):
EmailValidator (that would also allow EAI local parts) at
https://forum.djangoproject.com/t/emailvalidator-simplification-and-
international-email-addresses/39985/11. If that receives support, it would
obsolete this ticket.
But if that simplified proposalβor something like itβis ''not'' accepted
(and this ticket remains accepted), then this ticket will need to be
addressed by following RFC 6532 to allow UTF8-non-ascii characters in the
EmailValidator user_regex, in both the dot-atom and quoted-string parts.
Since this is a potentially breaking change, it would need to be opt-in,
e.g. via a new `accept_eai_user` EmailValidator keyword param (like
DomainNameValidator's `accept_idna`, but defaulting to False).
To address concerns about regular expression complexity, it would probably
be helpful to break up EmailValidator's user_regex into simpler
components, similar to what was done in DomainNameValidator. (I suggest
using the RFC 5322 terms: atom, dot_atom, qtext, quoted_pair,
quoted_string. Since RFC 6532 is specified using those same terms, it
should help with reviewing a PR for this ticket.)
Incidentally, as of April 2025, no major browser allows non-ASCII local-
parts in an `<input type=email>`. (There's a lengthy and ongoing
[https://github.com/whatwg/html/issues/4562 WHATWG discussion about EAI].)
But EmailValidator is ''not'' just for email addresses that come from a
browser input field, and EAI addresses ''are'' valid email addresses in a
context where you're trying to support EAI.
--
Ticket URL: <https://code.djangoproject.com/ticket/27029#comment:40>