fix: email encoding should replace ALL allowed characters #4
Bug description
This is a historical bug that mailcheck library (the one we're replacing) has had since the beginning.
mailcheck encoded the email to prevent XSS, but kept some characters unencoded to be compliant with RFC 5322. However, their function to replace characters only replaced the first character, since they forgot to run the spaces globally.
I noticed this while performing some tests of this library in our main application for ZooTools, an email with spaces like [email protected] was returned encoded
Description of change
I updated the regex to be run globally across every character. This will take a bit longer to validate the email, but it's blazing fast anyways and it's only run once when the email is being passed.
Pull-Request Checklist
main branch
npm run lint passes with this change
npm run test passes with this change
Fixes #0000
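The first-match-only behaviour described in this pull request, shown next to a global single-pass replacement, as an added JavaScript example that is not the PR's diff or the mailcheck source. The function names, the list of restored characters and the sample addresses are assumptions made for illustration.

```javascript
// Percent-escapes put back after encodeURI(). Constructed list for this
// example; the library's actual set is not shown on this page.
const ALLOWED = {
  '%20': ' ', '%25': '%', '%5E': '^', '%60': '`',
  '%7B': '{', '%7C': '|', '%7D': '}',
};

// "Before" (hypothetical name): String.prototype.replace with a string
// pattern, or a regex without the g flag, rewrites only the first match.
function encodeEmailFirstOnly(email) {
  let result = encodeURI(email);
  for (const [escaped, raw] of Object.entries(ALLOWED)) {
    result = result.replace(escaped, raw);
  }
  return result;
}

// "After" (hypothetical name): one regex with the g flag restores every
// occurrence. Doing it in a single pass also means text that was just
// restored is never scanned again, so a literal "%5E" typed by the user
// (encoded to "%255E") comes back as "%5E" and not as "^".
const ALLOWED_RE = /%(?:20|25|5E|60|7B|7C|7D)/g;

function encodeEmailGlobal(email) {
  return encodeURI(email).replace(ALLOWED_RE, (match) => ALLOWED[match]);
}

// Constructed sample inputs.
for (const sample of ['a b c@example.com', '"><x> a b@example.com']) {
  console.log(JSON.stringify(sample));
  console.log('  first only:', encodeEmailFirstOnly(sample));
  console.log('  global:    ', encodeEmailGlobal(sample));
}
```

Characters outside the restored set, such as `<`, `>` and `"`, stay percent-encoded in both versions; only the handling of repeated allowed characters differs.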