#17386: Validation & Unicode Character 'ZERO WIDTH SPACE' (U+200B)
-------------------------------+--------------------
     Reporter:  pennersr       |      Owner:  nobody
         Type:  Uncategorized  |     Status:  new
    Component:  Forms          |    Version:  1.3
     Severity:  Normal         |   Keywords:
 Triage Stage:  Unreviewed     |  Has patch:  0
Easy pickings:  0              |      UI/UX:  0
-------------------------------+--------------------
 Once in a while users somehow manage to inject e-mail addresses into the
 system containing Unicode zero width space characters. I am not sure how
 they do it -- it probably happens when copy/pasting from a document of
 some sort. Nevertheless, form validation does not reject such e-mail
 addresses:

 {{{
 >>> from django.core.validators import validate_email
 >>> email=u't...@hotmail.co\u200bm'
 >>> validate_email(email)
 >>> # No ValidationError ?
 }}}

 These e-mail addresses get accepted and cause trouble later on (try
 sending mail to them, or hashing them for gravatar uses).  Either:
 a) Raise a ValidationError for such e-mail addresses, or
 b) Automatically strip this character

 Downside of a) is that the user is most likely unaware of this invisible
 character. He wouldn't know what character to remove where, even if
 instructed by an error message.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/17386>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
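
Options a) and b) from the ticket, sketched with the Python 3 standard library only. This is an added example, not code from the ticket or from Django; the function names, the set of categories treated as invisible, and the sample address are assumptions made for illustration.

```python
import unicodedata

# Unicode general categories treated as invisible in an address (assumption of
# this example): Cf = format (U+200B, U+200D, U+FEFF ...), Cc = control,
# Zs/Zl/Zp = space and line/paragraph separators.
INVISIBLE_CATEGORIES = {"Cf", "Cc", "Zs", "Zl", "Zp"}


def find_invisible(value):
    """Return [(index, 'U+XXXX', name)] for every invisible character."""
    hits = []
    for index, char in enumerate(value):
        if unicodedata.category(char) in INVISIBLE_CATEGORIES:
            name = unicodedata.name(char, "UNNAMED")
            hits.append((index, "U+%04X" % ord(char), name))
    return hits


def reject_invisible(value):
    """Option a): refuse the value, naming the character and its position."""
    hits = find_invisible(value)
    if hits:
        detail = ", ".join("%s %s at position %d" % (cp, name, i + 1)
                           for i, cp, name in hits)
        raise ValueError("Address contains invisible characters: " + detail)
    return value


def strip_invisible(value):
    """Option b): drop the characters before validation and storage."""
    return "".join(c for c in value
                   if unicodedata.category(c) not in INVISIBLE_CATEGORIES)


if __name__ == "__main__":
    sample = "user@example.co\u200bm"   # constructed sample, not a real address
    print(find_invisible(sample))
    print(repr(strip_invisible(sample)))
```

Whichever option is chosen, it has to run before the value is stored, compared for uniqueness, or hashed, so that two visually identical addresses cannot end up as distinct records.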
