zod icon indicating copy to clipboard operation
zod copied to clipboard

Published 20 hours ago verified publisher icon colinhacks

z.string().email() allows invalid emails with a comma

Open anthony-healthstreet opened this issue 10 months ago • 5 comments

It seems that the zod validation for email is allowing commas through which does not match the RFC 5322 standards.

I'm on version 3.22.4

To reproduce (playground link):

import { z } from 'zod';

const myschmea = z.object({
  email: z.string().email(),
});

const test = {
  email: 'test,[email protected]',
};

const parse = myschmea.safeParse(test);

console.log(parse);

const appDiv: HTMLElement = document.getElementById('app');
appDiv.innerHTML =
  `<h1>TypeScript Zod Playground<br>` + JSON.stringify(parse) + `</h1>`;

Workaround - Disable typing of commas into input fields

anthony-healthstreet avatar Apr 08 '24 13:04 anthony-healthstreet

its a near impossible task to make this cover all cases. for instance this:

"@dk" is a valid email

klh avatar Apr 11 '24 10:04 klh

None of my business, but since you mentioned me here (as @dk), there is a brilliant book by jeffrey friedl about regexes, where he covers exactly rfc-strict email parsing :)

dk avatar Apr 11 '24 11:04 dk

None of my business, but since you mentioned me here (as @dk), there is a brilliant book by jeffrey friedl about regexes, where he covers exactly rfc-strict email parsing :)

hahah I get that all the time with @threads and @klh ;)

klh avatar Apr 11 '24 14:04 klh

Fixed in Zod 3.23.0

colinhacks avatar Apr 21 '24 22:04 colinhacks

Fixed in Zod 3.23.0

I believe this should've been closed

gshpychka avatar Aug 22 '24 14:08 gshpychka