From 7d7153ddedcfcb4f6464f59c6fe709ea1831cdea Mon Sep 17 00:00:00 2001
From: Alok Dwivedi
Date: Sun, 6 Oct 2024 18:14:13 +0530
Subject: [PATCH 1/2] fix(email-validation): reject quoted emails with blacklisted characters
---
 src/lib/isEmail.js | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/lib/isEmail.js b/src/lib/isEmail.js
index 1aceca3cf..f4f4bd54b 100644
--- a/src/lib/isEmail.js
+++ b/src/lib/isEmail.js
@@ -163,7 +163,14 @@ export default function isEmail(str, options) {
 }
 if (options.blacklisted_chars) {
+ // Check for blacklisted characters in the raw user part
 if (user.search(new RegExp(`[${options.blacklisted_chars}]+`, 'g')) !== -1) return false;
+
+ // If the user part is quoted, remove the quotes and recheck
+ if (user[0] === '"' && user[user.length - 1] === '"') {
+ const strippedUser = user.slice(1, user.length - 1);
+ if (strippedUser.search(new RegExp(`[${options.blacklisted_chars}]+`, 'g')) !== -1) return false;
+ }
 }
 if (user[0] === '"' && user[user.length - 1] === '"') {
From 1b3e01fbbe38584d5cbadb07283b032078ee522c Mon Sep 17 00:00:00 2001
From: Alok Dwivedi
Date: Sun, 6 Oct 2024 21:51:55 +0530
Subject: [PATCH 2/2] Added tests for isEmail quotes case
---
 test/validators.test.js | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/test/validators.test.js b/test/validators.test.js
index 31a36d029..4603a22fa 100644
--- a/test/validators.test.js
+++ b/test/validators.test.js
@@ -281,6 +281,23 @@ describe('Validators', () => {
 });
 });
+ it('should not validate email addresses with quotes in the local part', () => {
+ test({
+ validator: 'isEmail',
+ args: [{ blacklisted_chars: '"' }],
+ valid: [
+ 'foo@bar.com',
+ 'test@example.com',
+ ],
+ invalid: [
+ '"foobar"@example.com',
+ '"foo"bar@example.com',
+ 'foo"bar"@example.com',
+ '" foo m端ller "@example.com',
+ '"foo\\@bar"@example.com',
+ ],
+ });
+ });
 it('should validate really long emails if ignore_max_length is set', () => {
 test({
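Review bot: The quoted-part recheck added in src/lib/isEmail.js cannot reject anything the existing line does not already reject, because `strippedUser` is a substring of `user` and the preceding `user.search(...)` already returns false when a blacklisted character occurs anywhere in `user`, quotes included. The samples added in test/validators.test.js all contain a literal `"` with `blacklisted_chars: '"'`, so they appear to be rejected by the pre-existing check and would still pass with this block removed; a case that fails before the patch is needed to pin the intended fix. Separately, both `new RegExp(...)` calls interpolate `options.blacklisted_chars` into a `[...]` character class unescaped, so a value containing `]`, `\`, `^` or `-` changes what the blacklist matches or throws. If ranges are not an intended feature, escape once and reuse one regex, e.g. `const blacklistRe = new RegExp('[' + options.blacklisted_chars.replace(/[\\\]^-]/g, '\\$&') + ']');`. The body of isEmail starts and continues outside this hunk.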