You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Try entering an email address with multiple hyphens in the domain name. This is common in international domain names (IDN) where the fallback ASCII encoding (ACE), for systems that do not support unicode chars in domain names/email addresses, results in domain names starting with "xn--"
The original context is that a user was trying to use an international email address (with non-ASCII chars in the domain name) and then when that failed, tried to use the ACE version.
`colander.Email` uses a regex which does not allow domain names
beginning with `xn--` or Unicode characters. Either of these limitations
prevents users from registering with email addresses that use
international domain names.
This commit replaces the validator with an alternate pattern taken from
the HTML spec which is used by Chrome and which at least allows the
Punycode version of an internationalized email address to be used.
I opted not to just allow unicode chars because we first have to make
sure that the rest of our stack supports it. Alternatively we could
convert to Punycode automatically when deserializing the user's input.
Fixes#4662
`colander.Email` uses a regex which does not allow domain names
beginning with `xn--` or Unicode characters. Either of these limitations
prevents users from registering with email addresses that use
international domain names.
This commit replaces the validator with an alternate pattern taken from
the HTML spec which is used by Chrome and which at least allows the
Punycode version of an internationalized email address to be used.
I opted not to just allow unicode chars because we first have to make
sure that the rest of our stack supports it. Alternatively we could
convert to Punycode automatically when deserializing the user's input.
Fixes#4662
Steps to reproduce
The original context is that a user was trying to use an international email address (with non-ASCII chars in the domain name) and then when that failed, tried to use the ACE version.
Support issue: https://hypothesis.zendesk.com/agent/tickets/1479
Expected behaviour
I should be able to sign up with an email address that contains multiple hyphens.
Actual behaviour
The sign up form reports that the email is invalid.
Notes
It looks like Colander is using a regex for validating email addresses, which incorrectly disallows multiple hyphens.
See https://www.rnids.rs/en/cyrillic-on-internet/idn-encoder for more details on IDNs.
See Pylons/colander#283
The text was updated successfully, but these errors were encountered: