z.string().email() allows invalid emails with a comma

colinhacks / zod

TypeScript-first schema validation with static type inference

https://zod.dev

MIT License

33.92k stars 1.18k forks source link

z.string().email() allows invalid emails with a comma #3389

Open anthony-healthstreet opened 7 months ago

anthony-healthstreet commented 7 months ago

It seems that the zod validation for email is allowing commas through which does not match the RFC 5322 standards.

I'm on version 3.22.4

To reproduce (playground link):

import { z } from 'zod';

const myschmea = z.object({
  email: z.string().email(),
});

const test = {
  email: 'test,dumb@company.com',
};

const parse = myschmea.safeParse(test);

console.log(parse);

const appDiv: HTMLElement = document.getElementById('app');
appDiv.innerHTML =
  `<h1>TypeScript Zod Playground<br>` + JSON.stringify(parse) + `</h1>`;

Workaround - Disable typing of commas into input fields

klh commented 7 months ago

its a near impossible task to make this cover all cases. for instance this:

"@dk" is a valid email

dk commented 7 months ago

None of my business, but since you mentioned me here (as @dk), there is a brilliant book by jeffrey friedl about regexes, where he covers exactly rfc-strict email parsing :)

klh commented 7 months ago

None of my business, but since you mentioned me here (as @dk), there is a brilliant book by jeffrey friedl about regexes, where he covers exactly rfc-strict email parsing :)

hahah I get that all the time with @threads and @klh ;)

colinhacks commented 6 months ago

Fixed in Zod 3.23.0

gshpychka commented 2 months ago

Fixed in Zod 3.23.0

I believe this should've been closed