New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EmailValidator catastrophic exponential-time regular expression #7757
Comments
|
Current implementation on Vaadin8, gives validation error if value is an empty string, because it only test null value. |
|
this second bug notificated by fante76 it's more serious because blocks the form tha has an EmailValidator inside. Would be better to fix the problem first as possible. |
|
Hello there! It looks like this issue hasn't progressed lately. There are so many issues that we just can't deal them all within a reasonable timeframe. There are a couple of things you could help to get things rolling on this issue (this is an automated message, so expect that some of these are already in use):
Thanks again for your contributions! Even though we haven't been able to get this issue fixed, we hope you to report your findings and enhancement ideas in the future too! |
|
The issue was automatically closed due to inactivity. If you found some new details to it or started working on it, comment on the issue so that maintainers can re-open it. |
|
For some reason this ticket has been left open although it has been addressed in Vaadin version 8 newer frameworks. The regexp pattern has been update to
I verified that problem with the given test pattern does not occur anymore. |
Originally by jtomaszk
Class com.vaadin.data.validator.EmailValidator is using unsafe validation regex
example of potential malicious input that validation never ends:
related info [http://www.regular-expressions.info/catastrophic.html]
Imported from https://dev.vaadin.com/ issue #20065
The text was updated successfully, but these errors were encountered: