diff options
Diffstat (limited to 'django/core/validators.py')
| -rw-r--r-- | django/core/validators.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/django/core/validators.py b/django/core/validators.py index 731ccf2d46..b9b58dfa61 100644 --- a/django/core/validators.py +++ b/django/core/validators.py @@ -93,6 +93,7 @@ class URLValidator(RegexValidator): message = _('Enter a valid URL.') schemes = ['http', 'https', 'ftp', 'ftps'] unsafe_chars = frozenset('\t\r\n') + max_length = 2048 def __init__(self, schemes=None, **kwargs): super().__init__(**kwargs) @@ -100,7 +101,7 @@ class URLValidator(RegexValidator): self.schemes = schemes def __call__(self, value): - if not isinstance(value, str): + if not isinstance(value, str) or len(value) > self.max_length: raise ValidationError(self.message, code=self.code, params={'value': value}) if self.unsafe_chars.intersection(value): raise ValidationError(self.message, code=self.code, params={'value': value}) @@ -210,7 +211,9 @@ class EmailValidator: self.domain_allowlist = allowlist def __call__(self, value): - if not value or '@' not in value: + # The maximum length of an email is 320 characters per RFC 3696 + # section 3. + if not value or '@' not in value or len(value) > 320: raise ValidationError(self.message, code=self.code, params={'value': value}) user_part, domain_part = value.rsplit('@', 1) |