Regex email validation passing a invalid email ended with dot

go-playground / validator

:100:Go Struct and Field validation, including Cross Field, Cross Struct, Map, Slice and Array diving

MIT License

16.56k stars 1.31k forks source link

Regex email validation passing a invalid email ended with dot #784

Open brunolkatz opened 3 years ago

brunolkatz commented 3 years ago

[x] I have looked at the documentation here first?
[x] I have looked at the examples provided that may showcase my question here?

Package version eg. v9, v10:

latest (10.6.1) v10

Issue, Question or Enhancement:

Regex e-mail validation passing with e-mail finishing with . (dot)

email like test@test.com. should be invalid, but is considered valid.

Code sample, to showcase or reproduce:

https://play.golang.org/p/_i5b90oTmpp

AaronRobson commented 3 years ago

I think that a trailing . may well be allowed in a hostname - please see the hostname man page https://man7.org/linux/man-pages/man7/hostname.7.html

If the input name ends with a trailing dot, the trailing dot is removed, and the remaining name is looked up with no further processing.

brunolkatz commented 3 years ago

I think that a trailing . may well be allowed in a hostname - please see the hostname man page https://man7.org/linux/man-pages/man7/hostname.7.html

The referenced manual use the RFC1123, in cap. 5 the RFC2822 as the standford for e-mail validation. For references, the regex validation for e-mail in Perl (https://github.com/basecamp/mail)) uses the RFC2822 (http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html) who defined a e-mail like "test@test.com." as a invalid e-mail address (https://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate)

gnuletik commented 2 years ago

For reference, mail.ParseAddress currently fails to parse address ending with a dot.

Another difference between validator and mail.ParseAddress is for addresses containing two dots in the hostname like test@test.example..com.

See https://go.dev/play/p/L5e2v9mE7Xg

IMO, validated email addresses should work with mail.Address().

gnuletik commented 2 years ago

You can override the default email validator until this is fixed.

func init() {
        err := v.RegisterValidation("email", validateEmail)
        if err != nil {
                panic("unable to register " + name)
        }
}

// use a custom email validator to reject email address not parsable by mail.ParseAddress
// https://github.com/go-playground/validator/issues/784
func validateEmail(fl validator.FieldLevel) bool {
        val := fl.Field().String()
        res, err := mail.ParseAddress(val)
        if err != nil {
                return false
        }
        // we don't want to accept email address with Name
        // e.g. "Barry Gibbs <bg@example.com>"
        if res.Name != "" {
                return false
        }
        return res.Address != ""
}

brunoluizkatz-NETZSCH commented 2 years ago

I currently using referenced perl regex at email validation, but I will follow this to update validator when fixed. Thanks for the override example, much more readable them perl regex haha

yangjunchao888 commented 8 months ago

I currently using referenced perl regex at email validation, but I will follow this to update validator when fixed. Thanks for the override example, much more readable them perl regex haha

Is this issue still being followed up?