#34961: Add a max_length parameter to EmailValidator
-------------------------------------+-------------------------------------
     Reporter:  jecarr               |                    Owner:  nobody
         Type:                       |                   Status:  closed
  Cleanup/optimization               |
    Component:  Core (Other)         |                  Version:  4.2
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):

 * cc: Mariusz Felisiak (added)


Comment:

 Replying to [comment:2 jecarr]:
 > I did wonder if the two different max-lengths were unintentional and
 > thought an approach would be to drop the EmailValidator max-length to
 > match that of EmailField's max-length or vice-versa. But I appreciate this
 > could cause breaking changes to existing applications hence my initial
 > suggestion.
 >
 > As this is now a wontfix and for my understanding of the codebase, I'll
 > ask why the two different max-lengths for email addresses? Is it because
 > with Fields we want to be stricter with max-lengths?

 Thank you for reaching out after you noticed the different max lengths
 allowed for the `EmailField` and the `EmailValidator`. I don't have the
 exact answer for "why the two different max-lengths for email addresses"
 but I can share some facts:

 0. The validator `EmailValidator` is a generic email validator that is
 used to validate email addresses using regular expressions. Recently, the
 maximum allowed length for validating an email was limited to 320 chars
 following a
 [https://www.djangoproject.com/weblog/2023/jul/03/security-releases/ security release from July]
 to prevent potential DoS attacks when validating extremely long strings.

 1. The form field `EmailField` is an abstraction of an HTML input,
 basically a char field represented as
 `<input type="email" maxlength="...">`. The default `max_length` for this
 field was set to 320 in the same security release I mentioned above
 (before that, `max_length` was optional and unset for this field).

 2. The model field `EmailField` is just a `CharField` with a default
 `max_length` (254 as you noticed) and a configured validator
 (`EmailValidator`). I can see how this difference in the maximum allowed
 length raises questions.

 So, in all honesty, when I closed the ticket yesterday I wasn't
 considering the two `EmailField`s (the model and the form fields). Now
 that I write this summary, and that I see that the form field's
 `max_length` was changed to match the length of the validator but not the
 model field, I do wonder if we should. I'll cc Mariusz to see what he
 thinks since he implemented the original 320 char limit.

 Glad you asked more questions about this!

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34961#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
