diff options
Diffstat (limited to 'django/core/validators.py')
| -rw-r--r-- | django/core/validators.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/django/core/validators.py b/django/core/validators.py index c73490588d..4a5835dbb0 100644 --- a/django/core/validators.py +++ b/django/core/validators.py @@ -104,6 +104,7 @@ class URLValidator(RegexValidator): message = _("Enter a valid URL.") schemes = ["http", "https", "ftp", "ftps"] unsafe_chars = frozenset("\t\r\n") + max_length = 2048 def __init__(self, schemes=None, **kwargs): super().__init__(**kwargs) @@ -111,7 +112,7 @@ class URLValidator(RegexValidator): self.schemes = schemes def __call__(self, value): - if not isinstance(value, str): + if not isinstance(value, str) or len(value) > self.max_length: raise ValidationError(self.message, code=self.code, params={"value": value}) if self.unsafe_chars.intersection(value): raise ValidationError(self.message, code=self.code, params={"value": value}) @@ -203,7 +204,9 @@ class EmailValidator: self.domain_allowlist = allowlist def __call__(self, value): - if not value or "@" not in value: + # The maximum length of an email is 320 characters per RFC 3696 + # section 3. + if not value or "@" not in value or len(value) > 320: raise ValidationError(self.message, code=self.code, params={"value": value}) user_part, domain_part = value.rsplit("@", 1) |