email-validator.dart icon indicating copy to clipboard operation
email-validator.dart copied to clipboard

Published 20 hours ago verified publisher icon fredeil

1 Letter TLD should not be valid

Open vincentdh opened this issue 3 years ago • 4 comments

Hi,

The validate function return TRUE for an address like "[email protected]" but a 1 letter TLD isn't a valid TLD

Thanks

vincentdh avatar Jun 14 '21 19:06 vincentdh

While in practise it is theoretically possible that TLDs are single letters (according to some RFCs), they are avoided in general. I agree with you and I don't see any use cases for allowing single letter TLDs right now @vincentdh

fredeil avatar Jun 15 '21 10:06 fredeil

After further reading, you are right. The RFCs allows the use of a single letter as TLD however none have been registered with the IANA.

I don't know how this can be implementated, but maybe the TLD should be verified with the list of TLD from the IANA?

vincentdh avatar Jun 15 '21 17:06 vincentdh

@vincentdh I think your PR does not solve the problem. Nice, you did it, but ultimately you add something which firstly means validation goes away from RFC's. You added the entire hardcoded list inside a file, with no way to know when IANA will update it. We could have a temporal zone where you protect for 1 letter domain now but with that hardcoded file we are missing validation on a newly added 4 letters TLD. That file needs to be added with the build pipeline where you do a GET and put it in the last merge. You still will be dependant on a PR, and since this package has everything inside and unlikely that we will see daily builds, we are in the same bad temporal zone.

I think the users should fix it with something like:

final bool _isEmailValid = EmailValidator.validate(_emailController.text, false, true);
final bool _noOneLetterDomain = _emailController.text.split('.').last.length > 1;
if(_isEmailValid && _noOneLetterDomain) {
  ...
}

not an expert on all, but will be nice to have with your PR a build runner that automatically downloads the new file from IANA. Not sure if even possible. Something to run with flutter pub run build_runner build. So we put the responsibility on the developer's side to add to their builds?

LeonardCModoran avatar Jun 23 '21 00:06 LeonardCModoran

The problem is:

does this package merely verify correct syntax according to the RFC, or does it start down the slippery slope of semantically valid?

It's a slippery slope because once we decline validation on 1-character domains, what's next... domains not currently in use? Email addresses never encountered in the field? Non-current email addresses?

Just where do you draw the line?

RandalSchwartz avatar Jan 01 '22 03:01 RandalSchwartz