diff --git a/src/lib/isEmail.js b/src/lib/isEmail.js index 1aceca3cf..f4f4bd54b 100644 --- a/src/lib/isEmail.js +++ b/src/lib/isEmail.js @@ -163,7 +163,14 @@ export default function isEmail(str, options) { } if (options.blacklisted_chars) { + // Check for blacklisted characters in the raw user part if (user.search(new RegExp(`[${options.blacklisted_chars}]+`, 'g')) !== -1) return false; + + // If the user part is quoted, remove the quotes and recheck + if (user[0] === '"' && user[user.length - 1] === '"') { + const strippedUser = user.slice(1, user.length - 1); + if (strippedUser.search(new RegExp(`[${options.blacklisted_chars}]+`, 'g')) !== -1) return false; + } } if (user[0] === '"' && user[user.length - 1] === '"') { diff --git a/test/validators.test.js b/test/validators.test.js index 31a36d029..4603a22fa 100644 --- a/test/validators.test.js +++ b/test/validators.test.js @@ -281,6 +281,23 @@ describe('Validators', () => { }); }); + it('should not validate email addresses with quotes in the local part', () => { + test({ + validator: 'isEmail', + args: [{ blacklisted_chars: '"' }], + valid: [ + 'foo@bar.com', + 'test@example.com', + ], + invalid: [ + '"foobar"@example.com', + '"foo"bar@example.com', + 'foo"bar"@example.com', + '" foo m端ller "@example.com', + '"foo\\@bar"@example.com', + ], + }); + }); it('should validate really long emails if ignore_max_length is set', () => { test({