Opened 9 years ago
Last modified 8 months ago
#26423 new Cleanup/optimization
Make EmailValidator use HTML5 validation rather than more complicated regular expressions
| Reported by: | Tim Graham | Owned by: | |
|---|---|---|---|
| Component: | Core (Other) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Ülgen Sarıkavak | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | yes |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.
Change History (18)
comment:1 by , 9 years ago
comment:2 by , 8 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 8 years ago
Taking ownership on this at PyCon2016 Sprint. Discussed with Markus and have background on consensus direction a solution should take.
comment:4 by , 8 years ago
It would have been nice to know the "consensus direction" mentioned in the comment above!
comment:6 by , 8 years ago
This PR only marginally simplifies the regex, but all current tests are still passing, in addition of the non-ASCII local part.
I'm not sure it solves all concerns of this report, to be discussed/confirmed.
comment:7 by , 8 years ago
| Has patch: | set |
|---|
comment:9 by , 8 years ago
Replying to timgraham:
As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.
I've found another possible fix here https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address, but I have tried this regex and it does not match much out of the ASCII range. What does "HTML5" like browsers match that this regex does not? if Django wants to accept a large range of unicode characters, why can't it just match the whole unicode range on the local part of the email?
comment:11 by , 8 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
comment:13 by , 8 years ago
| Needs documentation: | set |
|---|
comment:14 by , 8 years ago
| Owner: | set to |
|---|---|
| Status: | new → assigned |
I've added some documentation that I think will help keep the user expectations clear after digging into the conversation / discussion history of this ticket.
comment:16 by , 8 years ago
I came across this today and realized that the current regexp, in 1.10.5, contains a type. At least I think it does, since the opening bracket of the second range in user_regex is escaped, but it shouldn't be.
Anyway, I threw together a small PR to fix that, and I hope it can be merge to stable until this lands. I also added a bunch of new examples, and at the very least those should get slurped into the PR from Haris. Hope this helps.
comment:17 by , 8 years ago
| Owner: | removed |
|---|---|
| Status: | assigned → new |
Not maintaining the PR any more. Please do feel free to fork and submit a new PR.
comment:18 by , 8 months ago
| Cc: | added |
|---|
We should also assert that non-ascii characters are allowed in the local part of the e-mail address, see #25986 for background on this issue.