PIN-4810 clear tenant mail address #985
base: main
|
||
// Here I am removing strange characters or special symbols | ||
const sanitizedMail = removeExtraSpace | ||
.replace(/[^\w.@-_]/g, "") |
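Review bot: in `.replace(/[^\w.@-_]/g, "")` the `@-_` inside the class is a range from `@` (0x40) to `_` (0x5F), not three literal characters, so `[`, `\`, `]` and `^` are kept while a literal `-` is removed, which turns an address with a hyphenated domain into a different address. Put the hyphen last or escape it, for example `[^\w.@-]`, and add a test case with a hyphenated domain.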
Check warning
Code scanning / CodeQL
Overly permissive regular expression range Medium
Copilot Autofix AI 3 days ago
To fix the problem, we need to adjust the regular expression to avoid the overly permissive range. Specifically, we should remove the redundant underscore `_` from the range and explicitly list the characters we want to include. The corrected regular expression should only include the characters that are not part of `\w` but are still allowed in the sanitized email address.
- Update the regular expression on line 1758 to explicitly list the allowed special characters.
- Ensure that the new regular expression does not overlap with the `\w` character class.
@@ -1757,4 +1757,4 @@ | ||
const sanitizedMail = removeExtraSpace | ||
.replace(/[^\w.@-_]/g, "") | ||
.replace(/\^/g, ""); | ||
.replace(/[^\w.@-]/g, "") | ||
.replace(/[\^_]/g, ""); | ||
|
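Review bot: the second call in the suggested pair, `.replace(/[\^_]/g, "")`, strips every underscore, whereas the chain it replaces kept underscores (they are part of `\w`) and only removed `^`, so an address with an underscore in the local part would come out as a different address. The `\^` in that call is also redundant, because `[^\w.@-]` already removes `^`. Keep `.replace(/[^\w.@-]/g, "")` on its own, or state explicitly that dropping underscores is intended.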
@@ -1751,4 +1740,51 @@ async function revokeCertifiedAttribute( | |||
} satisfies Tenant; | |||
} | |||
|
|||
function validateAddress(address: string): string { |
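Review bot: `validateAddress(address: string): string` is named as a check but returns a string, so a caller cannot tell from the signature whether the returned address can differ from the input or what happens when the address is rejected. Add a doc comment that states both, or rename the function to reflect that it returns a cleaned-up value.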
IMHO there are too many steps in order to validate a mail, are these really necessary?
With the regex we don't need the extra steps of removing characters and spaces since it's already included.
I suggest to use this one: `^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}$` (taken from here)? Note: the regex must be case insensitive for it to work properly.
There's no perfect regex for validating a mail, but this one is simpler and covers most of the cases.
I would prefer to leave `emailPattern` as it is so that it is aligned with the frontend as well, since it is the same pattern they use.
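The sanitizer chains and the validation pattern discussed in this thread, as an added example that is not part of the PR or the project's code: it lists which ASCII punctuation each chain leaves in place and shows that a sanitized address can still pass the proposed pattern although it is no longer the address that was entered. `hyphenLast`, `survivors`, `check` and the sample addresses are constructed for illustration.

```typescript
// Added illustration, not code from the PR. Sample addresses are constructed.
type Sanitizer = (s: string) => string;

// Chain from the flagged lines: "@-_" is a range (0x40 to 0x5F), not three literals.
const original: Sanitizer = (s) =>
  s.replace(/[^\w.@-_]/g, "").replace(/\^/g, "");

// Chain from the autofix suggestion.
const autofix: Sanitizer = (s) =>
  s.replace(/[^\w.@-]/g, "").replace(/[\^_]/g, "");

// Hypothetical variant: hyphen placed last so it is literal, nothing else changed.
const hyphenLast: Sanitizer = (s) => s.replace(/[^\w.@-]/g, "");

// Pattern proposed in the review comment, with the case-insensitive flag it asks for.
const proposed = /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}$/i;

// Printable ASCII punctuation that a sanitizer leaves untouched.
function survivors(sanitize: Sanitizer): string {
  let kept = "";
  for (let code = 0x21; code < 0x7f; code++) {
    const ch = String.fromCharCode(code);
    if (!/[A-Za-z0-9]/.test(ch) && sanitize(ch) === ch) kept += ch;
  }
  return kept;
}

// Sanitized output, whether it differs from the input, and whether it passes `proposed`.
function check(sanitize: Sanitizer, input: string): { out: string; changed: boolean; valid: boolean } {
  const out = sanitize(input);
  return { out, changed: out !== input, valid: proposed.test(out) };
}

const samples: string[] = [
  "mario.rossi@ente-locale.example",
  "ufficio_protocollo@comune.example",
];
const variants: [string, Sanitizer][] = [
  ["original", original],
  ["autofix", autofix],
  ["hyphenLast", hyphenLast],
];
for (const [name, fn] of variants) {
  console.log(name, "keeps", JSON.stringify(survivors(fn)));
  for (const s of samples) console.log("  ", s, "->", JSON.stringify(check(fn, s)));
}
```

A result with `changed: true` and `valid: true` is the case to watch for: the stored address is well-formed but belongs to a different mailbox or domain than the one submitted.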
No description provided.