#36017: Urlize email address allows punctuation in domains
------------------------------+-------------------------------------------
     Reporter:  Mike Edmunds  |                    Owner:  Gregory Mariani
         Type:  Bug           |                   Status:  assigned
    Component:  Utilities     |                  Version:  5.1
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+-------------------------------------------
Changes (by Gregory Mariani):

 * owner:  (none) => Gregory Mariani
 * status:  new => assigned

Comment:

 I have done a fix, need to run the CI to validate, first time on this repo
 for me:
 django.utils.html.py
 {{{
 ...
     @staticmethod
     def is_email_simple(value):
         """Return True if value looks like an email address."""
         # An @ must be in the middle of the value.
         if (
             "@" not in value
             or value.startswith("@")
             or value.endswith("@")
         ):
             return False
         try:
             p1, p2 = value.split("@")
         except ValueError:
             # value contains more than one @.
             return False
         # Max length for domain name labels is 63 characters per RFC 1034.
         # Helps to avoid ReDoS vectors in the domain part.
         if len(p2) > 63:
             return False
         # Dot must be in p2 (e.g. example.com)
         if "." not in p2 or p2.startswith("."):
             return False
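         # Assumes validate_email is django.core.validators.validate_email,
         # which returns None on success and raises ValidationError
         # (django.core.exceptions) on failure, so its return value cannot
         # be tested for truthiness.
         try:
             validate_email(value)
         except ValidationError:
             return False
         return True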
 }}}
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36017#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
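
An added example, not part of the ticket comment or of Django's code: it compares the structural checks shown in the snippet above (without the `validate_email` call) against a per-label check of the domain part. `simple_check`, `strict_domain`, `is_email_strict` and `compare` are hypothetical names, and the sample inputs are constructed.

```python
import re

# One DNS hostname label: letters, digits and hyphens, 1-63 characters,
# no leading or trailing hyphen (RFC 1034 / RFC 1123).
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def simple_check(value):
    """The structural checks from the snippet, without validate_email."""
    if "@" not in value or value.startswith("@") or value.endswith("@"):
        return False
    try:
        p1, p2 = value.split("@")
    except ValueError:
        return False  # more than one @
    if len(p2) > 63:
        return False
    return "." in p2 and not p2.startswith(".")


def strict_domain(domain):
    """True only if every dot-separated label is a valid hostname label."""
    if len(domain) > 253 or domain.endswith("."):
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(LABEL_RE.fullmatch(l) for l in labels)


def is_email_strict(value):
    """simple_check plus per-label validation of the domain part."""
    return simple_check(value) and strict_domain(value.split("@")[1])


# Constructed sample inputs: one clean address, then domains carrying
# punctuation or malformed labels, then an address with two @ signs.
SAMPLES = [
    "user@example.com",
    "user@exam;ple.com",
    "user@example.com!",
    "user@-example.com",
    "user@example..com",
    "a@b@example.com",
]


def compare(samples=SAMPLES):
    """Map each sample to (simple_check result, is_email_strict result)."""
    return {s: (simple_check(s), is_email_strict(s)) for s in samples}
```

Every sample whose domain contains punctuation or an empty label passes the structural checks but fails the per-label check, which is the gap the ticket title describes.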
