Make sure that email validators don't match unintentional non-ASCII local parts

[tats-u]

Follow-up of #1068

EMAIL_REGEX has the same problem as RFC_EMAIL_REGEX.

Also added a test case to email and rfcEmail. The latter has already been assured to be passed thanks to #1068.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
valibot	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jun 26, 2025 10:11pm

[tats-u]

\w matches the following characters with iu flags:

017F; C; 0073; # LATIN SMALL LETTER LONG S
212A; C; 006B; # KELVIN SIGN

I doubt you know this fact. Internationalized emails are not considered by the current regex even now. This is an unintended behavior and should be fixed.

This is also a discussion in the WHATWG HTML tracker (which directly concerns the rfcEmail rule since it's using the HTML spec as its source): whatwg/html#4562

Discuss it only in WHATWG, then Valibot will change only RFC_EMAIL_REGEX. EMAIL_REGEX isn't concerned with the WHATWG spec.

I'll also note that the current regex used by the email validator does not account for valid characters such as '

EMAIL_REGEX has lower quality and is less practical than RFC_EMAIL_REGEX. EMAIL_REGEX is discouraged in my opinion. It exists only for backward compatibility. It should be changed in v2. Where did it taken from?

[pkg-pr-new]

Open in StackBlitz

npm i https://pkg.pr.new/valibot@1075

commit: 339b4ec

[tats-u]

In the first place what "internationalized email addresses" match that regex?
I doubt there are ones using non-ASCII characters other than K and ſ.

SMTPUTF8 is not supported by all MTAs. Who uses non-ASCII characters as a local part?

[tats-u]

Have you seen https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Character_class_escape#w? What "accented letters" match \w?

[cyyynthia]

Oh damn it, I mixed up regex flavors again... 😖 You're right here, JS' unicode flag doesn't do anything useful here; for some reason I was thinking with PCRE regex behavior in mind... 🙃

I marked my original comment as resolved, sorry for the confusion! ❤️

I'll open a separate issue for internationalized email support, as I still think it's an important thing to address nonetheless

[tats-u]

You should confirm detailed definitions of character classes in each language unless you are used to them.

e.g. C#: https://learn.microsoft.com/en-us/dotnet/standard/base-types/character-classes-in-regular-expressions#word-character-w

[fabian-hiller]

Just as a quick clarification... there is still interest in merging this PR? If so, I will review in soon.

[fabian-hiller]

I took a quick look and am not sure if I want to merge it. email is intentional "stricter" and disallows many uncommon things. Maybe it it better to leave this as is and recommend rfcEmail instead.

[tats-u]

there is still interest in merging this PR?

Sure

disallows many uncommon things

This PR also disallows uncommon cases. I don't think you assume or know \w with iu matches the Kelvin symbol and the small long S.