Opened 21 months ago

Last modified 8 months ago

#26423 new Cleanup/optimization

Make EmailValidator use HTML5 validation rather than more complicated regular expressions

Reported by: Tim Graham Owned by:
Component: Core (Other) Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: yes
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.

Change History (17)

comment:1 Changed 20 months ago by Sergei Maertens

We should also assert that non-ascii characters are allowed in the local part of the e-mail address, see #25986 for background on this issue.

comment:2 Changed 19 months ago by Chris Butler

Owner: changed from nobody to Chris Butler
Status: newassigned

comment:3 Changed 19 months ago by Chris Butler

Taking ownership on this at PyCon2016 Sprint. Discussed with Markus and have background on consensus direction a solution should take.

comment:4 Changed 17 months ago by Claude Paroz

It would have been nice to know the "consensus direction" mentioned in the comment above!

comment:5 Changed 17 months ago by Claude Paroz

#27029 was closed as a duplicate.

comment:6 Changed 17 months ago by Claude Paroz

This PR only marginally simplifies the regex, but all current tests are still passing, in addition of the non-ASCII local part.
I'm not sure it solves all concerns of this report, to be discussed/confirmed.

comment:7 Changed 17 months ago by Claude Paroz

Has patch: set

comment:8 Changed 16 months ago by Claude Paroz

Has patch: unset

My patch was moved to #27029.

comment:9 in reply to:  description Changed 16 months ago by Jeff Willette

Replying to timgraham:

As discussed on the django-developers mailing list, the regular expressions for validating email addresses are complicated for questionable benefit. We should simplify it to use HTML5 type="email" validation (possible candidate). A deprecation may be needed to give time for projects to add back more complex validation that they might required.

I've found another possible fix here https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address, but I have tried this regex and it does not match much out of the ASCII range. What does "HTML5" like browsers match that this regex does not? if Django wants to accept a large range of unicode characters, why can't it just match the whole unicode range on the local part of the email?

Last edited 16 months ago by Jeff Willette (previous) (diff)

comment:10 Changed 16 months ago by Claude Paroz

I suggest that Unicode validation be discussed separately in #27029.

comment:11 Changed 12 months ago by Tim Graham

Owner: Chris Butler deleted
Status: assignednew

comment:12 Changed 12 months ago by Tim Graham

Has patch: set

PR from Collin Anderson.

comment:13 Changed 12 months ago by Tim Graham

Needs documentation: set

comment:14 Changed 10 months ago by Haris Ibrahim K. V.

Owner: set to Haris Ibrahim K. V.
Status: newassigned

I've added some documentation that I think will help keep the user expectations clear after digging into the conversation / discussion history of this ticket.

https://github.com/django/django/pull/8081

comment:15 Changed 9 months ago by MisRob

#27932 was closed as a duplicate

comment:16 Changed 9 months ago by Max Nordlund

I came across this today and realized that the current regexp, in 1.10.5, contains a type. At least I think it does, since the opening bracket of the second range in user_regex is escaped, but it shouldn't be.

Anyway, I threw together a small PR to fix that, and I hope it can be merge to stable until this lands. I also added a bunch of new examples, and at the very least those should get slurped into the PR from Haris. Hope this helps.

See https://github.com/django/django/pull/8187

Last edited 9 months ago by Max Nordlund (previous) (diff)

comment:17 Changed 8 months ago by Haris Ibrahim K. V.

Owner: Haris Ibrahim K. V. deleted
Status: assignednew

Not maintaining the PR any more. Please do feel free to fork and submit a new PR.

Note: See TracTickets for help on using tickets.
Back to Top