# How come EmailField doesn't have any validation?
Documentation about email field says 'A CharField that checks that the value is a valid email address using EmailValidator.' but there's not actually any validation in there. Bug?
Show evidence please
Rather sure there is no bug and validation is in place if used as documented
but who knows
My guess is that the built-in validation is fairly simplistic, like looking for a @ and . in that order. Certainly the validation won't be able to tell you that (e.g.) fred.smith@gmail.com corresponds to an actual gmail account whereas totally.made.up.name@live.com does not correspond to a live.com account.
@kindred oasis you may need to describe how you are using it. There are several cases where field validators are not called. And because they are not applied at the db level, if anyone passes the validation at Python level, there won't be another "is this a valid email" check
@proper rampart You are correct. I was directly saving the model instead of using a modelform, so there was no validation from Django's side and because an emailfield is represented as a charfield in my db the db didn't prevent it either. Apparently this is standard Django behaviour I wasn't aware of. I found this relevant bit in the docs:
See the form validation for more information on how validators are run in forms, and Validating objects for how they’re run in models. Note that validators will not be run automatically when you save a model, but if you are using a ModelForm, it will run your validators on any fields that are included in your form. See the ModelForm documentation for information on how model validation interacts with forms.
@kindred oasis yep, that's one of the things I don't like about the models 🙂 I think calling the clean_fields (or whatever was the name) in save() solves it but it also changes a couple of other errors (db integrity errors to django-level validation errors) so there may be some side effects
You can manually run clean on a model, but yeah it's not run by default when you run save
Yes, it was confusing/unexpected for me as well when I saw a bunch of attempted SQL injections in my EmailField hihi. Anyway, thanks everyone for the help