8000 HTML5 Email validation is incorrect · Issue #49076 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

HTML5 Email validation is incorrect #49076

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Sectimus opened this issue Jan 23, 2023 · 5 comments
Closed

HTML5 Email validation is incorrect #49076

Sectimus opened this issue Jan 23, 2023 · 5 comments
Labels
Bug Status: Needs Review Status: Waiting feedback Validator

Comments

@Sectimus
Copy link

Symfony version(s) affected

Symfony Validator 6.0.6

Description

HTML5 validation within the symfony validator currently uses the following pattern for HTML5 email validation:

/^[a-zA-Z0-9.!#$%&\'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$/

This is not actually valid as emails such as name@example are not accepted, whereas they are accepted using actual HTML5 form validation.

How to reproduce

$validator = $context->getValidator();
$emailConstraint = new Assert\Email();
$emailConstraint->mode = 'html5';
$result = $validator->validate("name@example", $emailConstraint);
//email is marked as invalid

The problematic code can be reproduced as:

<?php
$SYMFONY_PATTERN_HTML5 = '/^[a-zA-Z0-9.!#$%&\'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$/';

$example1 = "name@example";
$example2 = "name@example.com";

echo preg_match($SYMFONY_PATTERN_HTML5, $value1); //0
echo preg_match($SYMFONY_PATTERN_HTML5, $value2); //1
//both these emails should be valid under HTML5

For reasoning, please see: https://stackoverflow.com/a/20573649

Possible Solution

The top level domain delimiter (dot) should be optional.

^[a-zA-Z0-9.!#$%&\'*+\\=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.?[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$

Additional Context

No response
@Sectimus Sectimus added the Bug label Jan 23, 2023
@fabpot
Copy link
Member
fabpot commented Jan 23, 2023

Do you have a use case for accepting something@example for production applications?

@xabbuh
Copy link
Member
xabbuh commented Jan 23, 2023
edited
Loading

#47872 made this possible in 6.2, right?

@Sectimus
Copy link
Author

Using HTML5 email validation I would assume that if an email can pass basic HTML5 form validadtion: <input type="email"> - then it should pass HTML5 email validation here. If not then perhaps it should be named something else or have the documentation updated to mention that it is not an exact match. Internal networks may not even utilise top level domains. Such as someone@localhost (could be anything really)

@nicolas-grekas
Copy link
Member

Thanks for the report. We discussed about this in #47712 and added Email::VALIDATION_MODE_HTML5_ALLOW_NO_TLD in #47872

@Sectimus
Copy link
Author
Sectimus commented Jan 23, 2023
edited
Loading

Upgrading symfony/validator to version 6.2 and using html5-allow-no-tld now works as expected. Fantastic.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Status: Needs Review Status: Waiting feedback Validator
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@fabpot @nicolas-grekas @xabbuh @carsonbot @Sectimus
0