Re: Add support for IDNA 2008

2022-09-14 Thread Carlton Gibson
OK, great, thanks. I'll await your PR. Let's continue on GitHub for the moment then Good hustle ๐Ÿ‘ On Wed, 14 Sept 2022 at 15:54, 'Julien Bernard' via Django developers (Contributions to Django itself) wrote: > Hi Carlton, > > Le mardi 13 septembre 2022 ร  07:17:31 UTC-4, carlton...@gmail.com a >

Re: Add support for IDNA 2008

2022-09-14 Thread 'Julien Bernard' via Django developers (Contributions to Django itself)
Hi Carlton, Le mardi 13 septembre 2022 ร  07:17:31 UTC-4, carlton...@gmail.com a รฉcrit : > Hi Julien. > > I didn't get a canonical answer from the security team yet, but it may be > that we can make the idna an optional dependency quite easily. I already > have it installed in my dev environmen

Re: Add support for IDNA 2008

2022-09-13 Thread Carlton Gibson
Hi Julien. I didn't get a canonical answer from the security team yet, but it may be that we can make the idna an optional dependency quite easily. I already have it installed in my dev environment, for instance, coming from selenium and requests. >From the package docs: https://pypi.org/pro

Re: Add support for IDNA 2008

2022-09-06 Thread Carlton Gibson
Hey Julien. Thanks, OK... ๐Ÿ“– The Python docs have it : > If you need the IDNA 2008 standard from *RFC 5891* and *RFC 5895* , use the th

Re: Add support for IDNA 2008

2022-09-06 Thread 'Julien Bernard' via Django developers (Contributions to Django itself)
Hi Carlton, IDNA 2008 made some changes in the valid or invalid IDNs and some differences in the ways some characters are transformed in Punycode compared to IDNA 2003 for multiple reasons. A difference that is often used as an example is the german 'รŸ' character. In IDNA 2003 it is transformed

Re: Add support for IDNA 2008

2022-09-06 Thread Carlton Gibson
Hey Julian. What's maybe missing is some concrete cases. "This conversion should be made IDNA 2008 compliant." โ€” OK, but what does that buy us? Maybe the idna package is OK... It's widely depended on already โ€” I got it for free yesterday installing httpx in a project โ€” and packaging isn't what it

Re: Add support for IDNA 2008

2022-09-06 Thread 'Julien Bernard' via Django developers (Contributions to Django itself)
Thanks Carlton. This makes total sense to keep things simple and avoid bringing another dependency in the context of validation, providing that you won't prevent valid URLs to be accepted. That's where it can be tricky but it seems reasonable to think that the current domain validation is too

Re: Add support for IDNA 2008

2022-09-04 Thread Carlton Gibson
Hi Julian. We've had several tickets and discussions surrounding how far e.g. URLValidator needs to match all valid URLs. The conclusion we've come to (which is always provisional) is that actually we **don't** want such match all valid (according to the relevant RFC and such) input. Rather, we'd

Re: Add support for IDNA 2008

2022-09-02 Thread 'Julien Bernard' via Django developers (Contributions to Django itself)
Thanks Adam. The ticket was targetting EmailValidator but the punycode method is used at more places in Django core. If you look for Unicode characters support in email addresses in tickets you will get more than looking for IDN but indeed the demand may not be that much. This is a vicious circl

Re: Add support for IDNA 2008

2022-09-01 Thread 'Adam Johnson' via Django developers (Contributions to Django itself)
Some data... The idna package has ~9M downloads a day ( https://pypistats.org/packages/idna ) compared with Django's ~350k ( https://pypistats.org/packages/django ). However it has 191 GitHub stars ( https://github.com/kjd/idna ) compared to Django's 66k ( https://github.com/django/django ). I i

Add support for IDNA 2008

2022-09-01 Thread 'Julien Bernard' via Django developers (Contributions to Django itself)
Hi, I'm starting this discussion following ticket #33968 recommendation in comment. Currently the punycode method is converting domain nam