Merge pull request #26 from substancelab/harden
Reject a few more invalid cases
koppen authored Dec 15, 2021
2 parents 59a3f22 + f2e9eb1 commit 132704e
Showing 2 changed files with 26 additions and 5 deletions.
16 changes: 11 additions & 5 deletions lib/activemodel_email_address_validator/email_address.rb
@@ -20,20 +20,26 @@ def valid?(regex = nil)

attr_reader :address

def valid_host?(host)
/^([^,. ~]+\.)+[a-z]+$/.match?(host)
end

def valid_user?(user)
/^([^.]+\S)*[^.]+$/.match?(user)
end

def valid_using_regex?(regex)
address.to_s =~ regex
end

def valid_using_default?
return false if /\s+/.match?(address)
email_parts = address.split("@", -1)
return false if /(\s|["'<>])+/.match?(address)

email_parts = address.split("@", -1)
return false unless email_parts.size == 2

user, host = *email_parts
return false unless /^([^.]+\S)*[^. ]+$/.match?(user)
return false unless /^([^,. ~]+\.)+[^,. ]+$/.match?(host)
true
valid_user?(user) && valid_host?(host)
end
end
end
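Review bot: `valid_host?` and `valid_user?` anchor with `^` and `$`, which in Ruby match at line boundaries, so on their own they pass any string that contains one matching line; today they are protected only by the whitespace check that `valid_using_default?` runs first. Anchor them to the whole input instead, `/\A([^,. ~]+\.)+[a-z]+\z/.match?(host)` and `/\A([^.]+\S)*[^.]+\z/.match?(user)`, and keep the whitespace rejection, since the negated classes still match a newline. Separately, `([^.]+\S)*` in the user pattern nests overlapping quantifiers and may backtrack heavily on a long local part that does not match; the long-string test visible in the test file covers only the host side. The enclosing class begins above the hunk, so the visibility of the new helpers cannot be confirmed from here.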
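--- a/test/activemodel-email_address_validator/test_email_address.rb
+++ b/test/activemodel-email_address_validator/test_email_address.rb
@@ -121,6 +121,21 @@ def test_handles_long_failing_strings
 reject("fernandeztorralbofrancisco@sabadellatlantico.")
 end
 
+def test_rejects_ip_addresses
+reject("email@123.123.12.123")
+end
+
+def test_rejects_script_injection
+reject("email_<script></script>_123@example.co.in")
+end
+
+def test_rejects_username_with_quotation_mark
+reject('email"123@example.com')
+reject('email123@exa"mple.com')
+reject("email'123@example.com")
+reject("email123@exa'mple.com")
+end
+
 private
 
 def accept(email_address)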
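Review bot: `test_rejects_username_with_quotation_mark` also asserts on quotes in the host (`exa"mple.com`, `exa'mple.com`), so its name undersells what it covers; renaming it to something like `test_rejects_quotation_marks`, or splitting it into user and host tests, would keep a failure report accurate. `test_rejects_script_injection` places `<` and `>` only in the local part, although the new character check runs against the whole address, so a constructed host-side case such as `reject("email@exa<mple>.com")` would pin that behaviour too. The hunk ends on the first line of `accept`, whose body is outside the view.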