Hi All, There's a PR [0] to make validation match HTML. Though there's a question about what to do with domain_whitelist.
Here's the background: - Originally Django didn't allow any dotless (non-FQDN) domain names. - People wanted to use "localhost", but the SMTP spec said "Local nicknames or unqualified names MUST NOT be used." So domain_whitelist was added to allow more user-specified domains. https://code.djangoproject.com/ticket/4833 - We're proposing to change the behavior of email validation to allow a lot more email addresses including all dotless domains, so you don't need to specify specific domains to allow. - Though maybe it still makes sense to deny dotless domain names. I think the options currently are: 1 - Immediately remove domain_whitelist so people get a hard error. It's probably not used in third-party apps where multiple Django version support might be important. 2 - Deprecate domain_whitelist and ignore with a warning. 3 - Keep restricting dotless domains unless they are in domain_whitelist. Collin [0] https://github.com/django/django/pull/8081 On Tuesday, April 5, 2016 at 1:41:14 PM UTC-4, Tim Graham wrote: > > Any thoughts about whether or not to make similar simplifications to > URLValidator? There's an old ticket to add a DomainNameValidator [0] > which may or may not be worth moving forward with based on the decision. > > [0] https://code.djangoproject.com/ticket/18119 > > On Saturday, April 2, 2016 at 3:05:14 AM UTC-4, Shai Berger wrote: >> >> On Saturday 02 April 2016 09:44:54 Josh Smeaton wrote: >> > For what reason Zach? >> >> There is only one reason for which a strict and accurate validation is >> required, as far as I can see, and that is if your application is not >> just >> using existing email addresses (i.e. sending mail to users) but actually >> manages them (i.e. creates mail addresses). >> >> Such applications are few and far between... >> >> > Without a canonical regex implementation to copy or >> > include, we're stuck poorly reimplementing a bunch of esoteric rules to >> > what end? The main purpose of email validation is to provide relevant >> > feedback to the user, and to guard against obviously bad or malicious >> data. >> > "Looks vaguely like an email address" is probably too loose to be >> useful, I >> > admit. The proposal to copy the regex from the html5 email input widget >> > seems like a fine compromise to me. >> > >> > We should also err on the side of allowing incorrect addresses rather >> than >> > rejecting correct addresses. I'd much rather have bad signups that need >> to >> > be done again rather than users that can't sign up with their valid >> > addresses. >> > >> >> ...and their needs should not imply a high burden of maintenance on the >> rest >> of the community; they can and should implement their own validation. >> >> +1 everything Josh said. >> >> Shai. >> > -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-developers+unsubscr...@googlegroups.com. To post to this group, send email to django-developers@googlegroups.com. Visit this group at https://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/e6074d2a-b84f-41cb-bd77-842c63169f2f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
