#34961: Add a max_length parameter to EmailValidator
-------------------------------------+-------------------------------------
     Reporter:  jecarr               |                    Owner:  nobody
         Type:                       |                   Status:  closed
  Cleanup/optimization               |
    Component:  Core (Other)         |                  Version:  4.2
     Severity:  Normal               |               Resolution:  wontfix
     Keywords:                       |             Triage Stage:
                                     |  Unreviewed
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Natalia Bidart):

 * cc: Mariusz Felisiak (added)


Comment:

 Replying to [comment:2 jecarr]:
 > I did wonder if the two different max-lengths were unintentional and
 > thought an approach would be to drop the EmailValidator max-length to
 > match that of EmailField's max-length or vice-versa. But I appreciate this
 > could cause breaking changes to existing applications hence my initial
 > suggestion.
 >
 > As this is now a wontfix and for my understanding of the codebase, I'll
 > ask why the two different max-lengths for email addresses? Is it because
 > with Fields we want to be stricter with max-lengths?

 Thank you for reaching out after you noticed the different max lengths
 allowed for the `EmailField` and the `EmailValidator`. I don't have the
 exact answer for "why the two different max-lengths for email addresses"
 but I can share some facts:

 0. The validator `EmailValidator` is a generic email validator that is
 used to validate email addresses using regular expressions. Recently, the
 maximum allowed length for validating an email was limited to 320 chars
 following a
 [https://www.djangoproject.com/weblog/2023/jul/03/security-releases/ security release from July]
 to prevent potential DoS attacks when validating extremely long strings.

 1. The form field `EmailField` is an abstraction of an HTML input,
 basically a char field represented as `<input type="email"
 maxlength="...">`. The default `max_length` for this field was set to 320
 in the same security release I mentioned above (before that, `max_length`
 was optional and unset for this field).

 2. The model field `EmailField` is just a `CharField` with a default
 `max_length` (254 as you noticed) and a configured validator
 (`EmailValidator`). I can see how this difference in the maximum allowed
 length raises questions.

 So, in all honesty, when I closed the ticket yesterday I wasn't
 considering the two `EmailField`s (the model and the form fields). Now
 that I write this summary, and that I see that the form field's
 `max_length` was changed to match the length of the validator but not the
 model field, I do wonder if we should. I'll cc Mariusz to see what he
 thinks since he implemented the original 320 char limit.

 Glad you asked more questions about this!

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34961#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
