Comments (11)
SamMousa
commented on August 22, 2024
It seems the problem is wider, [email protected] will also fail server side validation.
Note that client validation works...
from validator.
SamMousa
commented on August 22, 2024
@samdark could you move this to Yii 3?
What about simplifying this validator to use filter_var for server side validation?
from validator.
samdark
commented on August 22, 2024
Do these give us equal results?
from validator.
SamMousa
commented on August 22, 2024
Definitely not equal, since the it allows the email address I mentioned in the original post. I'll run all emails from the test suite through it
from validator.
SamMousa
commented on August 22, 2024
Also it doesn't support name inside the email; but we could add that.
from validator.
SamMousa
commented on August 22, 2024
I'm looking into this a bit more; I feel this email is valid:
после-преобразования-в-idn-тут-будет-больше-чем-64-символа@пример.com
Currently it is not valid when encoding the local part of the email address using PunyCode.
However, according to specs the local part should be handled as opaque. Encoding it using punycode gives us no guarantee that the receiving server will put it in the correct mailbox.
Specifically RFC5336 (https://tools.ietf.org/html/rfc5336#section-3.2) explicitly mentions that the domain part needs to be encoded according to RFC3490 but doesn't mention the local part.
So in the example above, the domain is a valid IDN. The local part might require accepted a mail server that supports SMTPUTF8, but that's not the same as encoding the local part using PunyCode...
from validator.
SamMousa
commented on August 22, 2024
https://tools.ietf.org/html/rfc3490#section-3.2.2
from validator.
SamMousa
commented on August 22, 2024
I've created a proof of concept PR that has some failing tests.
Specifically the tests for the Swiftmailer CVE.
I'm not sure that it should be the default for an EmailValidator to check for email addresses that happen to be dangerous when paired with a bad implementation...
The vulnerability we are testing for was fixed in 2016 https://github.com/swiftmailer/swiftmailer/blob/41e285e7184aee087da882477173602281f00463/CHANGES#L96
Note that these email addresses are technically valid so they should be accepted.
from validator.
samdark
commented on August 22, 2024
We can remove Swiftmailer-specific check, I think.
from validator.
samdark
commented on August 22, 2024
from validator.
mapeveri
commented on August 22, 2024
I sent a PR about this issue.
from validator.
Related Issues (20)
- Remove or improve `RulesDumper` HOT 5
- Increase MSI to 100%
- Add support non-public properties for dot notation in `Nested` rule
- Add methods `getFirstErrorMessagesIndexedByAttribute()` and `getFirstErrorMessagesIndexedByPath()` to `Result` class HOT 2
- Way to add error with custom value path HOT 2
- Return error code for API application HOT 6
- Can rule Integer allow only 'int'? HOT 1
- Add method to merge several validation results to one HOT 3
- Replace `mixed $skipOnEmpty` in rules constructors to `bool|callable|null $skipOnEmpty` HOT 3
- update irc link
- update docs folder link
- Allow to validate aspect ratio in `Image` rule
- Replace type rule in `RuleHandlerInterface::validate()` from `object` to `RuleInterface`
- Extract rule name and options to separate collector HOT 4
- Extract rule name and options to separate collector HOT 1
- Add `Unique` rule for validating `iterable` HOT 1
- Add `Any` rule
- `AtLeast`, `OneOf` naming - not clear that they are applied to attributes, not other rules HOT 2
- `AnyRule` - make the error message more detailed HOT 1
- `UniqueIterable` rule - add non-strict mode to support values of different types HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from validator.