#Nick k - address validation

hey there, can you be more specific about what you mean? ie, where are you seeing this and what would you expect to happen instead? is it causing problems for you?

Hi, @restive garnet ! Sure, we have an Android app that uses the Stripe SDK, and the UI that it includes to add payment methods. Our QA team is reporting that they can enter practically anything into the address fields and Stripe will accept it w/no validation errors.

So we just want to understand if this is by design, for good reason, or if we should add additional validation on the client side

Our QA team is expecting that if a user enters an "invalid" address, then they would get some sort of validation error to inform the user and reject invalid addresses either due to mistake, or fraud.

What sort of address inputs, exactly? Is this in a Stripe-provided UI, or are you sending your own address collection data to the API?

There should be some validation, for example, on postal codes

but not on names, line 1 address etc

example:

this is a video our QA team provided to demonstrate the issue. My understanding is that we are using the UI included in the Stripe Android SDK

Out Android developer says that the fields are private (part of the SDK) so it's not easy to intercept and add additional validation

I can send video separately if needed

i was going to say, you might want to remove that

did you get a chance to see though?

basically they put gibberish into all the inputs

i didn't get to that point, no. But generally aside from postal code validation to match the country I don't expect validation, no

Country: Algeria
Name: aa
Address 1: ,tut
Address 2: ,,,
City: POTATOE
State / Province / Region: +6((75_+5(*
ZIP/Postal Code: _(+6_)86*+6
Phone number: hi!fhj!djgmcycjy

The Stripe SDK accepted this input, for example

Let me know if you need more information. Our QA team is recommending that we add our own custom validation to disallow special chars etc, but engineering is concerned about potential side effects / bugs by adding additional custom validation.

So again, just trying to understand why Stripe allows such inputs

Can you confirm if you're using the paymentsession vs the individual components?
https://stripe.com/docs/mobile/android/basic

Or which other specific UI element is this? eg PaymentSheet

sorry, was stuck in a meeting... let me check.

Our Android developer indicates we're using paymentsession

@dawn igloo I don't think we have specific validation in that case for this. I'd recommend filing feature request as a github issue on https://github.com/stripe/stripe-android/

Can you please clarify? Are you indicating there is no address validation at all when adding a payment method?

It's hard to clarify as I don't really grasp your ask unfortunately. If you're asking "should we block ! and ++ and # in address fields" we don't. If you're asking "do we validate that the State/Province matches the country/is valid" we don't but we should. If you're asking "why can I enter letters in phone number in the UI" then we also should validate. Those are feature requests

If you're asking if Stripe validates any of the address info, we don't. We don't really have a way to validate someone's address and where they live. We send the information to the bank, but the vast majority of banks ignore everything bust the postal code (and even that it's mostly US/UK/CA and nothing else)

I see. That clarifies it greatly for me!

thank you so much!