Re: [Django] #17386: Validation & Unicode Character 'ZERO WIDTH SPACE' (U+200B)

Thu, 15 Dec 2011 04:50:14 -0800 

#17386: Validation & Unicode Character 'ZERO WIDTH SPACE' (U+200B)
-------------------------------+--------------------------------------
     Reporter:  pennersr       |                    Owner:  nobody
         Type:  Uncategorized  |                   Status:  new
    Component:  Forms          |                  Version:  1.3
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Unreviewed
    Has patch:  0              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+--------------------------------------

Comment (by pennersr):

 > Django won't alter user input silently — it's a bad practice that can
 backfire in interesting ways.
 > And I'm not in favor of defeating a purposeful (although debatable)
 anti-spam mechanism.

 In this case it is debatable on whether that character is in fact user
 input, as the user inputting the e-mail address is totally unaware of that
 character being sent to the server.

 That character is apparently meant to trick robots in such away that they
 won't recognize the e-email address. However, a user cannot tell the
 difference between two e-mail addresses, one with, and one without the
 character.

 Therefore:
 - It would be indeed be wrong to raise a ValidationError, as the user
 wouldn't know what to do -- he literally does not see the problem.
 - It would be wrong to accept the accept the value as is, as two "equal"
 e-mail addresses do not pass the equality test (==, iexact), causing all
 sorts of trouble in any Django app comparing e-mail addresses.

 As for altering input silently: multiple representations of the same date
 are all mapped to a single representation under the hood, so why don't we
 do the same for multiple representations of the same e-mail address?

-- 
Ticket URL: <https://code.djangoproject.com/ticket/17386#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to 
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to