fix: IsEmail() consider invisible character in email as valid

[Scarus]

Description

One of our users entered an email address like the following: "​[email protected]" It contains an invisible character at the beginning (maybe the result of a weird copy/paste ?) (You can make it appear by pasting the string into a web browser console) It resulted in hard to spot problems as you would expect when two seemingly identical strings are in fact not matching.

The email string was validated using these decorators:

    @IsNotEmpty()
    @IsString()
    @IsEmail()
    public email: string;

Expected behavior

IsEmail should deny the validation of the email when it contains an invisible character.

Actual behavior

IsEmail() validate the email containing the invisible character

[vader-sama]

The @IsEmail() is responsible for checking if a string is an email or not. Email pattern is like this *@*.* and as long as it has the pattern, It doesn't matter what kind of characters are instead of *. I think it would be better to have another type of decorator to check those cases. (If class-validator already doesn't have)

[BUONJG]

@vader-sama It seems to me the validation pattern for email is far more complex than *@*.*. If I'm not wrong the code is here: https://github.com/validatorjs/validator.js/blob/master/src/lib/isEmail.js

I suppose the invisible character reported by @Scarus is allowed by the validator but I believe it shouldn't.

Perhaps it is more an issue to report on the validatorjs repository...

[braaar]

Please close this issue and open a new one in validator.js, @Scarus :)

[Scarus]

New Issue submitted in https://github.com/validatorjs/validator.js Closing this one

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.