-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Email validation does not validate emails according to RFC standards #3155
Comments
Hello, I'd like to complete this RFC issue :
|
Hi there! It seems like this is related, so I'll share. I just found out that Zod allows commas in the local part of the email. Example: EDIT: my bad, looks like this is also fixed in this PR #3286. |
Ran into this today with this example failing the regex but allowed in the RFC: |
It's an old comment, but it may still be relevant: #3218 (comment) |
This is intended, see #2157 for the justification. You can use const emailRegex =
/^(?!\.)(?!.*\.\.)([A-Z0-9_'+-\.]*)[A-Z0-9_'+-]@([A-Z0-9][A-Z0-9\-]*\.)+[A-Z]{2,}$/i;
const emailSchema = z.string().superRefine((data, ctx) => {
if (!emailRegex.test(data)) {
ctx.addIssue({
code: z.ZodIssueCode.invalid_string,
message: "Invalid email address",
validation: "email",
});
}
}); |
It seems that Zod email validation accepts emails that are not conforming to RFC specifications.
" In addition to restrictions on syntax, there is a length limit on email addresses. That limit is a maximum of 64 characters (octets) in the "local part" (before the "@") and a maximum of 255 characters (octets) in the domain part (after the "@") for a total length of 320 characters. Systems that handle email should be prepared to process addresses which are that long, even though they are rarely encountered."
So the issues is that Zod does not count total number of chars or separate "local part" and "domain part".
Should I open a PR or is this something that is already on someones table?
The text was updated successfully, but these errors were encountered: