[3.2.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator.

Thanks Seokchan Yoon for reports.
author: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2023-06-14 12:23:06 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2023-07-03 08:32:26 +0200
commit: 454f2fb93437f98917283336201b4048293f7582 (patch)
tree: 6c0c1bf6d7b1c5c367cd4928a4d7e6e10638d7b9 /django/forms/fields.py
parent: 07cc014cb30bc3c343a25c81aad6820bbc72c0d9 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/django/forms/fields.py b/django/forms/fields.py
index 0214d60c1c..8adb09e382 100644
--- a/django/forms/fields.py
+++ b/django/forms/fields.py
@@ -540,6 +540,9 @@ class EmailField(CharField):
     default_validators = [validators.validate_email]
 
     def __init__(self, **kwargs):
+        # The default maximum length of an email is 320 characters per RFC 3696
+        # section 3.
+        kwargs.setdefault("max_length", 320)
         super().__init__(strip=True, **kwargs)
author	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-06-14 12:23:06 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2023-07-03 08:32:26 +0200
commit	454f2fb93437f98917283336201b4048293f7582 (patch)
tree	6c0c1bf6d7b1c5c367cd4928a4d7e6e10638d7b9 /django/forms/fields.py
parent	07cc014cb30bc3c343a25c81aad6820bbc72c0d9 (diff)