Email validation does not validate emails according to RFC standards #3155
Comments
|
Hello, I'd like to complete this RFC issue :
|
|
Hi there! It seems like this is related, so I'll share. I just found out that Zod allows commas in the local part of the email. Example: EDIT: my bad, looks like this is also fixed in this PR #3286. |
|
Ran into this today with this example failing the regex but allowed in the RFC: |
|
It's an old comment, but it may still be relevant: #3218 (comment) |
|
This is intended, see #2157 for the justification. You can use const emailRegex =
/^(?!\.)(?!.*\.\.)([A-Z0-9_'+-\.]*)[A-Z0-9_'+-]@([A-Z0-9][A-Z0-9\-]*\.)+[A-Z]{2,}$/i;
const emailSchema = z.string().superRefine((data, ctx) => {
if (!emailRegex.test(data)) {
ctx.addIssue({
code: z.ZodIssueCode.invalid_string,
message: "Invalid email address",
validation: "email",
});
}
}); |
It seems that Zod email validation accepts emails that are not conforming to RFC specifications.
" In addition to restrictions on syntax, there is a length limit on email addresses. That limit is a maximum of 64 characters (octets) in the "local part" (before the "@") and a maximum of 255 characters (octets) in the domain part (after the "@") for a total length of 320 characters. Systems that handle email should be prepared to process addresses which are that long, even though they are rarely encountered."
So the issues is that Zod does not count total number of chars or separate "local part" and "domain part".
Should I open a PR or is this something that is already on someones table?
The text was updated successfully, but these errors were encountered: