fix: preserve original email string for quoted local parts with backslash escapes#169
Open
gaoflow wants to merge 1 commit into
Open
fix: preserve original email string for quoted local parts with backslash escapes#169gaoflow wants to merge 1 commit into
gaoflow wants to merge 1 commit into
Conversation
When a quoted local part contains backslash-escaped characters (e.g.
"test\"foo"@example.com), the `original` field on the returned
ValidatedEmail object was being reconstructed by re-quoting the
already-unescaped local part. This produced an invalid string
('"test"foo"@example.com') that differed from the actual input and
was shorter because the backslash escape was lost.
Fix by using the original `email` argument directly when no display
name is present. When a display name is present (e.g. "John"
<addr@domain>), extract just the address from inside the angle
brackets so that email length checks still operate on the
address-only form, as before.
The documented contract for ValidatedEmail.original is: "The email
address that was passed to validate_email." This commit makes that
accurate for all inputs, including quoted local parts with escapes.
Owner
|
Thanks for the bug report. Your regex solution is I think wildly incorrect because you haven't actually parsed the email address. For example, it would fail on I've fixed it with a test here. Linking before merging in case you see any issues: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bug
When
validate_emailis called with a quoted local part that contains backslash-escaped characters — for example"test\"foo"@example.com— theoriginalfield on the returnedValidatedEmailobject is built incorrectly.The code reconstructs
ret.originalby re-quoting the already-unescapedlocal_part. Sincesplit_email()returns the local part with escapes removed (i.e.test"foo), re-wrapping it in quotes produces"test"foo"@example.com— an invalid, malformed string that is also one character shorter than the actual input.The documented contract (
ValidatedEmail.original: "The email address that was passed tovalidate_email.") is violated. Additionally, the incorrect shorter string is used for email length checks (validate_email_length), which could allow emails that are actually over the 254-byte limit to pass when they contain backslash-escaped characters in a quoted local part.Fix
When no display name is present, use the original
emailargument directly — no reconstruction needed. When a display name is present (e.g."John" <addr@domain>), extract the address from inside the angle brackets to preserve the existing behavior of stripping the display name for email length checks.All 288 existing syntax tests pass.
This pull request was prepared with the assistance of AI, under my direction and review.