[wp-trac] [WordPress Trac] #62038: Issue with is_email() and sanitize_email()

WordPress Trac noreply at wordpress.org
Mon Sep 16 04:14:21 UTC 2024 

#62038: Issue with is_email() and sanitize_email()
--------------------------------------+------------------------------
 Reporter:  debarghyabanerjee         |       Owner:  (none)
     Type:  defect (bug)              |      Status:  new
 Priority:  normal                    |   Milestone:  Awaiting Review
Component:  Formatting                |     Version:
 Severity:  normal                    |  Resolution:
 Keywords:  has-patch has-unit-tests  |     Focuses:
--------------------------------------+------------------------------

Comment (by ayeshrajans):

 Email and IP address validation functions are perhaps the easiest places
 to start bikeshed conversations, so I will summarize what I think; I'm
 generally against this change.

  - What's your basis on disallowing hostnames that has trailing numbers? I
 don't think this is disallowed by the RFC 5321.

  - If we no longer allow `user at 192.0.2.1` and start to allow
 `user@[192.0.2.1]`, this can leave existing users with those users stuck.

  - Generally speaking, we should try to reduce the disparity between other
 email validation functions. The safest way to do it is to allow the most
 restricted variant of the data. This ship has sailed now, so our second
 goal would be to reduce this disparity.

  - The last time we updated the email validation logic, it quickly
 followed up with bug reports saying they can no longer get certain things
 to work; that's why we now have a separate test for PHPMailer.

 You are correct that `user at 192.0.2.1` type of email addresses are not
 technically correct.  `FILTER_VALIDATE_EMAIL` agrees on this too. However,
 this is _practically_ still considered valid. For example, both Chrome and
 Firefox accept `example at example.com1234` and `user at 192.0.2.1` as valid
 email addresses for `<input type=email />` fields. Chrome source with more
 test cases
 [https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/fast/forms/resources
 /ValidityState-typeMismatch-email.js;l=32?q=ValidityState-typeMismatch-
 email.js&ss=chromium here]

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/62038#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list