From aa2ba885aff127dc35d7c762be4262f2d6dad8c2 Mon Sep 17 00:00:00 2001
From: Joseph Frazer
Date: Mon, 23 Dec 2019 08:12:04 -0500
Subject: [PATCH] [DEV-6756] Prevent special chars from "local-part" of email address

The `"(),:;<>@[\]`` are allowed in the "local-part" of an email address under certain circumstances, but our regex is not checking those circumstances. It is better if we do not allow them until we improve validation.
---
 src/validate/formatter/EmailFormatter.js | 2 +-
 test/validate/formatter/EmailFormatterTest.js | 15 +++++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/src/validate/formatter/EmailFormatter.js b/src/validate/formatter/EmailFormatter.js
index 31d200f..67279f2 100644
--- a/src/validate/formatter/EmailFormatter.js
+++ b/src/validate/formatter/EmailFormatter.js
@@ -22,7 +22,7 @@
 // characters allowed in local-part, omitting dot (some of these are only
 // allowed within quotes, but we're not going to bother convuluting the regex
 // with that)
-var local_chars = '[a-zA-Z0-9!#$%&\'*+/=?^_1{|}~()\\\\" (),:;<>@\\[\\]-]';
+var local_chars = '[a-zA-Z0-9!#$%&\'*+/=?^_1{|}~-]';
 /**
diff --git a/test/validate/formatter/EmailFormatterTest.js b/test/validate/formatter/EmailFormatterTest.js
index c451f32..a1cbda4 100644
--- a/test/validate/formatter/EmailFormatterTest.js
+++ b/test/validate/formatter/EmailFormatterTest.js
@@ -34,7 +34,6 @@ describe( 'validate.formatter.StringFormat', function()
 "firstname.lastname@domain.com",
 "email@subdomain.domain.com",
 "firstname+lastname@domain.com",
- 'email"@domain.com',
 "1234567890@domain.com",
 "email@domain-one.com",
 "_______@domain.com",
@@ -50,7 +49,7 @@ describe( 'validate.formatter.StringFormat', function()
 "@domain.com",
 "Joe Smith ",
 "email.domain.com",
- // "email@domain@domain.com",
+ "email@domain@domain.com",
 ".email@domain.com",
 "email.@domain.com",
 "email..email@domain.com",
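Review bot: The comment kept as context above `local_chars` in `src/validate/formatter/EmailFormatter.js` still says some of the listed characters are only allowed within quotes, which stops being true once this change removes exactly those characters. I would replace it with `// unquoted (atext-style) local-part characters, omitting dot; characters that are` / `// only valid inside a quoted local-part are rejected until quoting is validated`. The remaining class still admits `'`, `&`, `|`, `$` and `/`, so a value that passes this formatter is well-formed rather than safe to interpolate; callers should keep parameterising or encoding it for SQL, HTML, shell and mail headers. How `local_chars` is anchored into the full pattern lies outside the hunk, so whether leading or trailing input is rejected cannot be confirmed from here.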
@@ -59,5 +58,17 @@ describe( 'validate.formatter.StringFormat', function()
 "email@domain",
 "email@-domain.com",
 "email@domain..com",
+ "em,ail@domain.com",
+ 'em"ail@domain.com',
+ "em(ail@domain.com",
+ "em)ail@domain.com",
+ "em:ail@domain.com",
+ "em;ail@domain.com",
+ "email@domain.com",
+ "em[ail@domain.com",
+ "em]ail@domain.com",
+ "em ail@domain.com",
+ "em\\ail@domain.com",
 ].forEach( email_address => assert.throws( () => Sut.parse( email_address ), Error ) );
 } );
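Review bot: The rejection list added in the last hunk of `test/validate/formatter/EmailFormatterTest.js` shows no `<` or `>` case although the commit message names both, and it contains a plain `"email@domain.com"` entry that would be expected to parse. The hunk header counts 17 new-side lines while 16 are visible, so this is probably markup lost from the page rather than from the commit; confirm the file carries `"em<ail@domain.com",` and `"em>ail@domain.com",`. Because accepted addresses commonly flow into mail headers and logs, I would also pin control characters with a case such as `"em\nail@domain.com",`, so that a later widening of the character class cannot let a line break through unnoticed.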