#26423 closed Cleanup/optimization (wontfix)
Make EmailValidator use HTML5 validation rather than more complicated regular expressions
| Reported by: | Tim Graham | Owned by: | Jordan |
|---|---|---|---|
| Component: | Core (Other) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Ülgen Sarıkavak, Mike Edmunds | Triage Stage: | Accepted |
| Has patch: | no | Needs documentation: | yes |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.
Change History (23)
comment:1 by , 9 years ago
comment:2 by , 9 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 9 years ago
Taking ownership on this at PyCon2016 Sprint. Discussed with Markus and have background on consensus direction a solution should take.
comment:4 by , 9 years ago
It would have been nice to know the "consensus direction" mentioned in the comment above!
comment:6 by , 9 years ago
This PR only marginally simplifies the regex, but all current tests are still passing, in addition of the non-ASCII local part.
I'm not sure it solves all concerns of this report, to be discussed/confirmed.
comment:7 by , 9 years ago
| Has patch: | set |
|---|
comment:9 by , 9 years ago
Replying to timgraham:
As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.
I've found another possible fix here https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address, but I have tried this regex and it does not match much out of the ASCII range. What does "HTML5" like browsers match that this regex does not? if Django wants to accept a large range of unicode characters, why can't it just match the whole unicode range on the local part of the email?
comment:11 by , 9 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
comment:13 by , 9 years ago
| Needs documentation: | set |
|---|
comment:14 by , 9 years ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
I've added some documentation that I think will help keep the user expectations clear after digging into the conversation / discussion history of this ticket.
comment:16 by , 8 years ago
I came across this today and realized that the current regexp, in 1.10.5, contains a type. At least I think it does, since the opening bracket of the second range in user_regex is escaped, but it shouldn't be.
Anyway, I threw together a small PR to fix that, and I hope it can be merge to stable until this lands. I also added a bunch of new examples, and at the very least those should get slurped into the PR from Haris. Hope this helps.
comment:17 by , 8 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
Not maintaining the PR any more. Please do feel free to fork and submit a new PR.
comment:18 by , 18 months ago
| Cc: | added |
|---|
comment:19 by , 6 months ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
comment:20 by , 6 months ago
I've submitted a PR for this ticket (#26423) which implements HTML5-style validation for EmailValidator with support for Unicode characters in the local part. The implementation maintains backwards compatibility with the domain_allowlist feature while making the validator more permissive for internationalized email addresses. All CI checks are now passing.
comment:21 by , 6 months ago
| Cc: | added |
|---|
comment:22 by , 5 months ago
| Has patch: | unset |
|---|
I've opened a forum discussion to try to either move this ticket forward or close it wontfix.
Note that the HTML5 valid email address regular expression (alone) is probably not a valid approach. It would break email features that were specifically added to Django in past tickets. Details in the forum.
(Also, the most recent PR actually addresses #27029, not this ticket. Clearing "has patch".)
comment:23 by , 4 months ago
| Resolution: | → wontfix |
|---|---|
| Status: | assigned → closed |
I am closing this "Make EmailValidator use HTML5 validation" ticket as not workable per the forum discussion.
Other approaches for EmailValidator to avoid "more complicated regular expressions" have come up in both the original discussion list thread and in #27029. I've tried to capture a specific proposal for that at https://forum.djangoproject.com/t/emailvalidator-simplification-and-international-email-addresses/39985/11. If it receives support, I'll open a new ticket.
We should also assert that non-ascii characters are allowed in the local part of the e-mail address, see #25986 for background on this issue.