New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixed #26423 -- Match email validation with html. #8081
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Release notes in docs/releases/2.0.txt
that explain the ramifications of this backwards incompatible change are also needed.
|
||
def __init__(self, message=None, code=None, whitelist=None): | ||
if message is not None: | ||
self.message = message | ||
if code is not None: | ||
self.code = code | ||
if whitelist is not None: | ||
self.domain_whitelist = whitelist | ||
pass # deprecated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure about the decision here -- documentation/explanation is needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
According to https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address, the text after @
can be a letter, digit or hyphen optionally followed by a .
and a trail of letters, digits or hyphens.
The domain whitelist was there to allow domains that don't have a .
in them to be treated as a special case (and be allowed). However, since the validation now considers a .
as optional already, we don't have to specify any whitelists manually.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this is the case, there needs to be a proper deprecation warning issued here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@pope1ni Should I add the deprecation warning within validators.py
itself? If yes, is there a specific format that I should do it in? I've added it to validators.txt
already.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Follow the guide in the documentation on deprecating a feature.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My thinking was:
- Originally django didn't allow any dotless domain names.
- People wanted to use "localhost", so
domain_whitelist
was added to allow more user-specified domains. https://code.djangoproject.com/ticket/4833 - We're changing the behavior of email validation to make it allow a lot more email addresses including all dotless domains, so you don't need to specify specific domains to allow.
- So before this change, we allow all domains in
domain_whitelist
, and after this change we allow all domains indomain_whitelist
(plus more)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(though I don't know, maybe it still makes sense to deny dotless domain names. I think we denied them because the spec said we should (see ticket 4883). html's validation allows them.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My question was about the fact that you marked domain_whitelist
as deprecated in a comment but didn't implement a deprecation. Did you intend to do some more implementation? Would it be better to remove domain_whitelist
so that developers are alerted to the fact that this parameter no longer has any effect? That seems more friendly than raising a deprecation (which might be silent) about it. I doubt that parameter is used in third-party apps where multiple Django version support might be important.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm... I personally really don't like backward incompatibilities, but removing it seems outright fine to me. Though I'm thinking it might be helpful to propose it on django-developers first. Should I do that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, feel free to continue the thread, https://groups.google.com/d/topic/django-developers/ASBJ0ge2KYo/discussion.
docs/ref/validators.txt
Outdated
The :class:`EmailValidator` works in accordance with the HTML5 Email | ||
validation standard as described `here`_. | ||
|
||
.. _here: https://html.spec.whatwg.org/multipage/forms.html#valid-e-mail-address |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
link "HTML5 Email validation standard" and chop "as described here".
Add a versionchanged annotation as described at https://docs.djangoproject.com/en/dev/internals/contributing/writing-documentation/#documenting-new-features.
docs/ref/validators.txt
Outdated
|
||
In older version, Email validation was done with Django's own | ||
logic. It uses the HTML5 Email validation standard from 2.0 | ||
onwards. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reflow this line?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What would sound better?
Since 2.0, Django uses the standard HTML5 Email validation logic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the above paragraph, onwards.
is just hanging in the last line. It is better if that can be reflowed to previous line.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay. Does Since 2.0, Django uses the standard HTML5 Email validation logic.
sound better than
In older version, Email validation was done with Django's own logic. It uses the HTML5 Email validation standard from 2.0 onwards.
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First version is fine. Just rearrange it to
In older version, Email validation was done with Django's own
logic. It uses the HTML5 Email validation standard from 2.0 onwards.
Also squash everything to a single commit. There shouldn't be any merge commits. Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also change "Email" to "email" in both sentences - don't capitalise.
|
||
def __init__(self, message=None, code=None, whitelist=None): | ||
if message is not None: | ||
self.message = message | ||
if code is not None: | ||
self.code = code | ||
if whitelist is not None: | ||
self.domain_whitelist = whitelist | ||
pass # deprecated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's implemented now doesn't look like a deprecation since the domain_whitelist
attribute is gone and if a custom whitelist
is passed, it's ignored. Anyway, a warning should be raised about the deprecation indicating that whitelist
is ignored and will be removed in a future version if that's the intention.
docs/ref/validators.txt
Outdated
logic. Since version 2.0, it uses the HTML5 email validation | ||
standard. | ||
|
||
The ``whitelist`` attribute is deprecated since 2.0. It was |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should be documented under .. attribute:: whitelist
-- although it's removed so maybe it should be deleted instead.
docs/releases/2.0.txt
Outdated
@@ -206,7 +206,7 @@ URLs | |||
Validators | |||
~~~~~~~~~~ | |||
|
|||
* ... | |||
* The :class:`django.core.validators.EmailValidator` now uses the HTML5 email validation standard. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wrap documentation at 79 characters -- not sure I'd consider this a "minor feature" though.
docs/ref/validators.txt
Outdated
@@ -145,6 +145,23 @@ to, or in lieu of custom ``field.clean()`` methods. | |||
``['localhost']``. Other domains that don't contain a dot won't pass | |||
validation, so you'd need to whitelist them as necessary. | |||
|
|||
The :class:`EmailValidator` works in accordance with the `HTML5 email |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be appropriate to explain this design decision.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've just added the explanation to the versionchanged annotation.
Closing due to inactivity. |
References #7742.
Adds documentation describing what the Validation logic is based on.
Ticket: https://code.djangoproject.com/ticket/26423