validator.js
IsEmail() considers invisible character in email as valid
Description
One of our users entered an email address like the following:
"[email protected]"
It contains an invisible character at the beginning (maybe the result of a weird copy/paste?)
(You can make it appear by pasting the string into a web browser console)
It resulted in hard-to-spot problems, as you would expect when two seemingly identical strings are in fact not matching.
The email string was validated using these decorators:
@IsNotEmpty()
@IsString()
@IsEmail()
public email: string;
Expected behavior
IsEmail should deny the validation of the email when it contains an invisible character.
Actual behavior
IsEmail() validates the email containing the invisible character
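A pre-validation check for the situation reported above, as an added example that is not part of the original issue or of validator.js. The function names and sample strings are constructed, and U+200B is only an assumed stand-in, since the issue does not say which invisible character was pasted.

```javascript
// Added example; every name and sample value here is constructed.
// Cf = format chars (zero-width space/joiners, BOM, bidi marks),
// Cc = control chars, Z = all separators (including the ASCII space,
// which an unquoted email address should not contain either).
const INVISIBLE = /[\p{Cf}\p{Cc}\p{Z}]/u;

// Return the position and code point of every invisible character.
function findInvisibleChars(input) {
  const hits = [];
  let index = 0; // UTF-16 offset into the original string
  for (const ch of input) {
    if (INVISIBLE.test(ch)) {
      const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
      hits.push({ index, codePoint: `U+${hex}` });
    }
    index += ch.length;
  }
  return hits;
}

// Escape invisible characters so the string can be logged and compared by eye.
function reveal(input) {
  return Array.from(input, (ch) =>
    INVISIBLE.test(ch)
      ? `\\u{${ch.codePointAt(0).toString(16).toUpperCase()}}`
      : ch
  ).join('');
}

// Run before the email validator: reject, or surface the hits to the user.
function checkEmailInput(input) {
  const hits = findInvisibleChars(input);
  return { ok: hits.length === 0, hits, shown: reveal(input) };
}

// Constructed samples: the two strings look identical when rendered.
const clean = 'user@example.com';
const pasted = '\u200Buser@example.com'; // assumed zero-width space prefix

console.log(clean === pasted);        // the strings do not match
console.log(checkEmailInput(pasted)); // shows where the hidden char sits
console.log(checkEmailInput(clean));
```

Rejecting the input, rather than silently stripping the character, keeps the stored address identical to what the user can see and retype.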
@Scarus - can you pls assign this issue to me? I would like to work on it
Feel free to open a PR for this, @meeraj257 there's no need to be assigned to this
Thanks @WikiRik. I will raise a PR soon, in 1-2 days. I wanted to make sure others are not also working on the same.
#2049 - Link to PR for this issue
@WikiRik - PR raised. Pls review the PR.
@Scarus could you assign this issue to me? Would be happy to work on it!
PR #2049 has already been opened to fix this issue
@tux-tn - I saw your comments. The email RFC is broad and includes the whole range. I think having invisible characters in strings in general is very confusing and does cause issues, like when you use it to send emails by typing it or you have blocked or allowed lists in applications. So I think it's OK to not allow a certain subset. We can add a flag to override this default behavior if anyone needs emails with invisible characters to be allowed. I think this change is actually beneficial and does not take away any useful functionality. I'd like to see input from the issue owner @Scarus
@meeraj257 it would be good to put this comment in the PR as well
Hi all, any news regarding this issue? I had to deal with a bug on our application due to the invisible character passing the email validation...