Add gmail validation to isEmail #832
Conversation
lib/isEmail.js
Outdated
| @@ -34,6 +34,7 @@ var default_email_options = { | |||
| /* eslint-disable no-control-regex */ | |||
| var displayName = /^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\.\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]+[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~\,\.\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF\s]*<(.+)>$/i; | |||
| var emailUserPart = /^[a-z\d!#\$%&'\*\+\-\/=\?\^_`{\|}~]+$/i; | |||
| var gmailUserPart = /^[a-z\d](\.?[a-z\d])+$/; | |||
There was a problem hiding this comment.
This is probably vulnerable to ReDoS. To sidestep this, we split the user part by . and then test each part individually. Could you set the pattern we use to /^[a-z\d]+$/i when it's a gmail domain?
There was a problem hiding this comment.
Fixed, i did put length checking before and not inside the regex to try to avoid ReDoS but testing each part individually is a better idea since i have found that dots don't count in length checking
src/lib/isEmail.js
Outdated
| // Removing sub-address from username before gmail validation | ||
| const username = user.split('+')[0]; | ||
|
|
||
| if (!isByteLength(username, { min: 6, max: 30 })) { |
There was a problem hiding this comment.
Do you have a source for the [6, 30] length restriction? and the alphanumeric char restriction?
There was a problem hiding this comment.
I can't find a link in google/gmail support except for G-suite users but both length and characters restrictions can be found in Gmail sign-up page
lib/isEmail.js
Outdated
| return false; | ||
| } | ||
| } | ||
| return true; |
There was a problem hiding this comment.
Remove this line, or else everything after + isn't validated:
> validator.isEmail('foobar+ probably not <valid> @gmail.com')
trueThere was a problem hiding this comment.
My bad.., forgot about gmail sub addresses..
|
Thanks 😄 |
|
Thank you for your review 😄 |
This is a partial fix to #825 concerning Gmail
I also edited isEmail tests since some addresses marked valid are not a valid Gmail address.
Not related but i also fixed a deprecated use of new Buffer DEP0005