Email validation allows spaces

[kskrlin]

• Laravel Version: 5.8.11
• PHP Version: 7.3.4

Description:

Email validation doesn't fail when email contains spaces:
"test @ example .com", but fails here "test@example. com".
This seems as big bug to me.

Steps To Reproduce:

Tinker:

$validator = \Validator::make(['email' => 'test @ example .com'], ['email' => 'email']);

$validator->fails(); // throws false

[driesvints]

Laravel makes use of https://github.com/egulias/EmailValidator/ to do email validation so if you feel that this is a bug please open up an issue on their issue tracker: https://github.com/egulias/EmailValidator/issues

[kskrlin]

I don't "feel" this is a bug; this is a bug. Emails aren't allowed to have spaces.

Why package wasn't checked and/or tested before it was included into framework?
I will report this as issue, but your responsibility is also to validate packages before they are used as core, instead of just closing issues when you feel like it and referencing to others.

[devcircus]

According to the official spec, the local part of an email is allowed to have spaces. The domain should not though.

[kskrlin]

Why is this package even used for email validation?
Is there any valid reason? Default PHP filters are too strict?

Because, after we tested some strings, we get these results:
' @example.com' - fails with php filter_var, passes with package
'###@example.com' - passes with both
'$šte/-{st+email#@example.com' - fails with php filter_var, passes with package

This package only fails when there are more than 1 "@" symbol, quotes or space between dot and tld.

Why is this package considered "better" approach than default PHP filter_var function or even some other package?

Also, this bug with spaces is since 2014.

[dwightwatson]

Looks like this package is validating emails with spaces in the domain part.

(new EmailValidator)->isValid('dwight@ gmail.com', new RFCValidation) // true

This was problem was discussed further in #27875 but doesn't look like there's going to be any change here.

The package was introduced in #26503 so I suppose the other option is to break out your own custom email validation rule and use it in place.

[Dalamar]

According to the official spec, the local part of an email is allowed to have spaces.

It is not.
https://tools.ietf.org/html/rfc2822
Appendix B. Differences from earlier standards
19. CFWS within local-parts and domains not allowed.*

[Dalamar]

Please reopen this issue as the bug still exists and even affects the out-of-the-box registration flow.

I suggest making filter_var the default email validator.
Though we can still take an advantage of egulias/email-validator package by applying validation styles to email validator rules (rfc, dns, spoof, strict)

[michabbb]

hi there, as this problem still exists, i would be happy to know the optimal way to validate an email address in laravel, because using email:rfc obviously is useless. i guess email:strict is the best option to choose?

[dammixyz]

03:13 AM, September 30th, 2022. This problem still exists and it nearly ruined my project! Come on guys do something!

[michabbb]

@dammixyz for now, i am good with 'required|email:strict,dns|not_regex:/[ÄäÜüÖö]/'

[dammixyz]

Thank you for the heads up.

…

On Fri, Sep 30, 2022, 11:29 AM Micha(el) Bladowski ***@***.***> wrote: @dammixyz <https://github.com/dammixyz> for now, i am good with 'required|email:strict,dns|not_regex:/[ÄäÜüÖö]/' — Reply to this email directly, view it on GitHub <#28233 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALSECDMWZEM7OOSF3PRMRO3WA26ILANCNFSM4HGJFJQQ> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[fershopls]

@dammixyz for now, i am good with 'required|email:strict,dns|not_regex:/[ÄäÜüÖö]/'

This should be the default :D