Sign up form rejects valid international email addresses (Unicode & ACE) #4662

Closed
robertknight opened this issue Sep 20, 2017 · 0 comments

Steps to reproduce

  1. Go to the sign up form at https://hypothes.is/signup
  2. Try entering an email address with multiple hyphens in the domain name. This is common in international domain names (IDN) where the fallback ASCII encoding (ACE), for systems that do not support Unicode chars in domain names/email addresses, results in domain names starting with "xn--".

The original context is that a user was trying to use an international email address (with non-ASCII chars in the domain name) and then when that failed, tried to use the ACE version.

Support issue: https://hypothesis.zendesk.com/agent/tickets/1479

Expected behaviour

I should be able to sign up with an email address that contains multiple hyphens.

Actual behaviour

The sign up form reports that the email is invalid.

Notes

It looks like Colander is using a regex for validating email addresses, which incorrectly disallows multiple hyphens.

See https://www.rnids.rs/en/cyrillic-on-internet/idn-encoder for more details on IDNs.

See Pylons/colander#283

robertknight added a commit that referenced this issue Sep 21, 2017
`colander.Email` uses a regex which does not allow domain names
beginning with `xn--` or Unicode characters. Either of these limitations
prevents users from registering with email addresses that use
international domain names.

This commit replaces the validator with an alternate pattern taken from
the HTML spec which is used by Chrome and which at least allows the
Punycode version of an internationalized email address to be used.

I opted not to just allow unicode chars because we first have to make
sure that the rest of our stack supports it. Alternatively we could
convert to Punycode automatically when deserializing the user's input.

Fixes #4662
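
The following is an added example, not code from the project or from the referenced commit. It sketches both options the commit message mentions: validating against the e-mail pattern from the HTML Standard, and converting a Unicode domain to its ACE form before validating. The function names are hypothetical, the sample addresses are constructed, and the conversion assumes Python's built-in `idna` codec (IDNA 2003).

```python
import re

# Pattern from the HTML Standard's definition of a valid e-mail address
# (the one <input type="email"> uses). Labels may contain consecutive
# hyphens, so ACE labels beginning with "xn--" are accepted.
_LABEL = r"[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?"
HTML_EMAIL_RE = re.compile(
    r"[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@" + _LABEL + r"(?:\." + _LABEL + r")*"
)


def is_valid_email(value):
    """True if value matches the HTML-spec pattern in full.

    fullmatch() is used instead of match() with '$', because '$' also
    matches just before a trailing newline.
    """
    return HTML_EMAIL_RE.fullmatch(value) is not None


def to_ace(value):
    """Convert the domain part to ASCII (Punycode); hypothetical helper.

    Raises ValueError if there is no '@' or the domain cannot be encoded.
    """
    local, sep, domain = value.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an email address")
    try:
        ace = domain.encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError("domain cannot be encoded as IDNA") from exc
    return local + "@" + ace.lower()


def normalize_email(value):
    """Return the ACE form of value, or raise ValueError if it is invalid."""
    candidate = to_ace(value)
    if not is_valid_email(candidate):
        raise ValueError("invalid email address")
    return candidate


if __name__ == "__main__":
    # Constructed sample addresses: ACE form, Unicode form, bad label.
    for addr in ("user@xn--e1afmkfd.xn--p1ai", "user@пример.рф", "user@-bad.example"):
        try:
            print(addr, "->", normalize_email(addr))
        except ValueError as err:
            print(addr, "-> rejected:", err)
```

Storing only the normalized ACE form means the Unicode and `xn--` spellings of one address map to a single value when checking for existing accounts.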