Fixed #26423 -- Match email validation with html. #8081
Conversation
|
|
||
| def __init__(self, message=None, code=None, whitelist=None): | ||
| if message is not None: | ||
| self.message = message | ||
| if code is not None: | ||
| self.code = code | ||
| if whitelist is not None: | ||
| self.domain_whitelist = whitelist | ||
| pass # deprecated |
There was a problem hiding this comment.
Not sure about the decision here -- documentation/explanation is needed.
There was a problem hiding this comment.
According to https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address, the text after @ can be a letter, digit or hyphen optionally followed by a . and a trail of letters, digits or hyphens.
The domain whitelist was there to allow domains that don't have a . in them to be treated as a special case (and be allowed). However, since the validation now considers a . as optional already, we don't have to specify any whitelists manually.
There was a problem hiding this comment.
If this is the case, there needs to be a proper deprecation warning issued here.
There was a problem hiding this comment.
@pope1ni Should I add the deprecation warning within validators.py itself? If yes, is there a specific format that I should do it in? I've added it to validators.txt already.
There was a problem hiding this comment.
Follow the guide in the documentation on deprecating a feature.
There was a problem hiding this comment.
My thinking was:
- Originally django didn't allow any dotless domain names.
- People wanted to use "localhost", so
domain_whitelistwas added to allow more user-specified domains. https://code.djangoproject.com/ticket/4833 - We're changing the behavior of email validation to make it allow a lot more email addresses including all dotless domains, so you don't need to specify specific domains to allow.
- So before this change, we allow all domains in
domain_whitelist, and after this change we allow all domains indomain_whitelist(plus more)
There was a problem hiding this comment.
(though I don't know, maybe it still makes sense to deny dotless domain names. I think we denied them because the spec said we should (see ticket 4883). html's validation allows them.)
There was a problem hiding this comment.
My question was about the fact that you marked domain_whitelist as deprecated in a comment but didn't implement a deprecation. Did you intend to do some more implementation? Would it be better to remove domain_whitelist so that developers are alerted to the fact that this parameter no longer has any effect? That seems more friendly than raising a deprecation (which might be silent) about it. I doubt that parameter is used in third-party apps where multiple Django version support might be important.
There was a problem hiding this comment.
Hmm... I personally really don't like backward incompatibilities, but removing it seems outright fine to me. Though I'm thinking it might be helpful to propose it on django-developers first. Should I do that?
There was a problem hiding this comment.
Sure, feel free to continue the thread, https://groups.google.com/d/topic/django-developers/ASBJ0ge2KYo/discussion.
docs/ref/validators.txt
Outdated
| The :class:`EmailValidator` works in accordance with the HTML5 Email | ||
| validation standard as described `here`_. | ||
|
|
||
| .. _here: https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address |
There was a problem hiding this comment.
link "HTML5 Email validation standard" and chop "as described here".
Add a versionchanged annotation as described at https://docs.djangoproject.com/en/dev/internals/contributing/writing-documentation/#documenting-new-features.
docs/ref/validators.txt
Outdated
|
|
||
| In older version, Email validation was done with Django's own | ||
| logic. It uses the HTML5 Email validation standard from 2.0 | ||
| onwards. |
There was a problem hiding this comment.
What would sound better?
Since 2.0, Django uses the standard HTML5 Email validation logic.
There was a problem hiding this comment.
In the above paragraph, onwards. is just hanging in the last line. It is better if that can be reflowed to previous line.
There was a problem hiding this comment.
Okay. Does Since 2.0, Django uses the standard HTML5 Email validation logic. sound better than
In older version, Email validation was done with Django's own logic. It uses the HTML5 Email validation standard from 2.0 onwards.
?
There was a problem hiding this comment.
First version is fine. Just rearrange it to
In older version, Email validation was done with Django's own
logic. It uses the HTML5 Email validation standard from 2.0 onwards.
Also squash everything to a single commit. There shouldn't be any merge commits. Thanks.
There was a problem hiding this comment.
Also change "Email" to "email" in both sentences - don't capitalise.
|
|
||
| def __init__(self, message=None, code=None, whitelist=None): | ||
| if message is not None: | ||
| self.message = message | ||
| if code is not None: | ||
| self.code = code | ||
| if whitelist is not None: | ||
| self.domain_whitelist = whitelist | ||
| pass # deprecated |
There was a problem hiding this comment.
What's implemented now doesn't look like a deprecation since the domain_whitelist attribute is gone and if a custom whitelist is passed, it's ignored. Anyway, a warning should be raised about the deprecation indicating that whitelist is ignored and will be removed in a future version if that's the intention.
docs/ref/validators.txt
Outdated
| logic. Since version 2.0, it uses the HTML5 email validation | ||
| standard. | ||
|
|
||
| The ``whitelist`` attribute is deprecated since 2.0. It was |
There was a problem hiding this comment.
Should be documented under .. attribute:: whitelist -- although it's removed so maybe it should be deleted instead.
docs/releases/2.0.txt
Outdated
| @@ -206,7 +206,7 @@ URLs | |||
| Validators | |||
| ~~~~~~~~~~ | |||
|
|
|||
| * ... | |||
| * The :class:`django.core.validators.EmailValidator` now uses the HTML5 email validation standard. | |||
There was a problem hiding this comment.
Wrap documentation at 79 characters -- not sure I'd consider this a "minor feature" though.
docs/ref/validators.txt
Outdated
| @@ -145,6 +145,23 @@ to, or in lieu of custom ``field.clean()`` methods. | |||
| ``['localhost']``. Other domains that don't contain a dot won't pass | |||
| validation, so you'd need to whitelist them as necessary. | |||
|
|
|||
| The :class:`EmailValidator` works in accordance with the `HTML5 email | |||
There was a problem hiding this comment.
It would be appropriate to explain this design decision.
There was a problem hiding this comment.
I've just added the explanation to the versionchanged annotation.
|
Closing due to inactivity. |
References #7742.
Adds documentation describing what the Validation logic is based on.
Ticket: https://code.djangoproject.com/ticket/26423