Opened 8 years ago
Last modified 7 years ago
#26423 new Cleanup/optimization
Make EmailValidator use HTML5 validation rather than more complicated regular expressions
| Reported by: | Tim Graham | Owned by: | |
|---|---|---|---|
| Component: | Core (Other) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | yes |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.
Change History (17)
comment:1 Changed 8 years ago by
comment:2 Changed 8 years ago by
| Owner: | changed from nobody to Chris Butler |
|---|---|
| Status: | new → assigned |
comment:3 Changed 8 years ago by
Taking ownership on this at PyCon2016 Sprint. Discussed with Markus and have background on consensus direction a solution should take.
comment:4 Changed 7 years ago by
It would have been nice to know the "consensus direction" mentioned in the comment above!
comment:6 Changed 7 years ago by
This PR only marginally simplifies the regex, but all current tests are still passing, in addition of the non-ASCII local part.
I'm not sure it solves all concerns of this report, to be discussed/confirmed.
comment:7 Changed 7 years ago by
| Has patch: | set |
|---|
comment:9 Changed 7 years ago by
Replying to timgraham:
As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.
I've found another possible fix here https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address, but I have tried this regex and it does not match much out of the ASCII range. What does "HTML5" like browsers match that this regex does not? if Django wants to accept a large range of unicode characters, why can't it just match the whole unicode range on the local part of the email?
comment:10 Changed 7 years ago by
I suggest that Unicode validation be discussed separately in #27029.
comment:11 Changed 7 years ago by
| Owner: | Chris Butler deleted |
|---|---|
| Status: | assigned → new |
comment:13 Changed 7 years ago by
| Needs documentation: | set |
|---|
comment:14 Changed 7 years ago by
| Owner: | set to Haris Ibrahim K. V. |
|---|---|
| Status: | new → assigned |
I've added some documentation that I think will help keep the user expectations clear after digging into the conversation / discussion history of this ticket.
comment:16 Changed 7 years ago by
I came across this today and realized that the current regexp, in 1.10.5, contains a type. At least I think it does, since the opening bracket of the second range in user_regex is escaped, but it shouldn't be.
Anyway, I threw together a small PR to fix that, and I hope it can be merge to stable until this lands. I also added a bunch of new examples, and at the very least those should get slurped into the PR from Haris. Hope this helps.
comment:17 Changed 7 years ago by
| Owner: | Haris Ibrahim K. V. deleted |
|---|---|
| Status: | assigned → new |
Not maintaining the PR any more. Please do feel free to fork and submit a new PR.
We should also assert that non-ascii characters are allowed in the local part of the e-mail address, see #25986 for background on this issue.