From dab04b89af91467e9a95ffaf30c1904fce7fff47 Mon Sep 17 00:00:00 2001 From: greg Date: Mon, 20 Jan 2025 08:49:37 +0100 Subject: [5.2.x] Fixed #36017 -- Used EmailValidator in urlize to detect emails. Backport of 61dae11df52fae71fc3050974ac459f362c9dfd7 from main. --- django/utils/html.py | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) (limited to 'django/utils') diff --git a/django/utils/html.py b/django/utils/html.py index 10036c38c4..ab1363e2de 100644 --- a/django/utils/html.py +++ b/django/utils/html.py @@ -8,7 +8,8 @@ from collections.abc import Mapping from html.parser import HTMLParser from urllib.parse import parse_qsl, quote, unquote, urlencode, urlsplit, urlunsplit -from django.core.exceptions import SuspiciousOperation +from django.core.exceptions import SuspiciousOperation, ValidationError +from django.core.validators import EmailValidator from django.utils.deprecation import RemovedInDjango60Warning from django.utils.encoding import punycode from django.utils.functional import Promise, cached_property, keep_lazy, keep_lazy_text @@ -463,20 +464,9 @@ class Urlizer: @staticmethod def is_email_simple(value): """Return True if value looks like an email address.""" - # An @ must be in the middle of the value. - if "@" not in value or value.startswith("@") or value.endswith("@"): - return False try: - p1, p2 = value.split("@") - except ValueError: - # value contains more than one @. - return False - # Max length for domain name labels is 63 characters per RFC 1034. - # Helps to avoid ReDoS vectors in the domain part. - if len(p2) > 63: - return False - # Dot must be in p2 (e.g. example.com) - if "." not in p2 or p2.startswith("."): + EmailValidator(allowlist=[])(value) + except ValidationError: return False return True -- cgit v1.3