Update regexp pattern to safer one (#12104)

Fixes: https://github.com/vaadin/framework/issues/7757
author: Tatu Lund <tatu@vaadin.com> 2020-09-30 16:29:29 +0300
committer: GitHub <noreply@github.com> 2020-09-30 16:29:29 +0300
commit: 17f5c1b6693892e00a4c2379d621043ef077f24e (patch)
tree: da25e6f3264afb12013a1194b13c21d44528319c /server/src
parent: 58bcc95f15a0c7bf032daabd885ba76984a789ee (diff)
download: vaadin-framework-17f5c1b6693892e00a4c2379d621043ef077f24e.tar.gz
vaadin-framework-17f5c1b6693892e00a4c2379d621043ef077f24e.zip
2 files changed, 13 insertions, 2 deletions
diff --git a/server/src/main/java/com/vaadin/data/validator/EmailValidator.java b/server/src/main/java/com/vaadin/data/validator/EmailValidator.java
index 63cd0211a2..4d1a5406be 100644
--- a/server/src/main/java/com/vaadin/data/validator/EmailValidator.java
+++ b/server/src/main/java/com/vaadin/data/validator/EmailValidator.java
@@ -34,6 +34,12 @@ package com.vaadin.data.validator;
 @SuppressWarnings("serial")
 public class EmailValidator extends RegexpValidator {
 
+    private static final String PATTERN = "^" + "([a-zA-Z0-9_\\.\\-+])+" // local
+            + "@" + "[a-zA-Z0-9-.]+" // domain
+            + "\\." + "[a-zA-Z0-9-]{2,}" // tld
+            + "$";
+
+     
     /**
      * Creates a validator for checking that a string is a syntactically valid
      * e-mail address.
@@ -42,7 +48,6 @@ public class EmailValidator extends RegexpValidator {
      *            the message to display in case the value does not validate.
      */
     public EmailValidator(String errorMessage) {
-        super("^([a-zA-Z0-9_\\.\\-+])+@(([a-zA-Z0-9-])+\\.)+([a-zA-Z0-9]{2,4})+$",
-                true, errorMessage);
+        super(PATTERN, true, errorMessage);
     }
 }
diff --git a/server/src/test/java/com/vaadin/tests/data/validator/EmailValidatorTest.java b/server/src/test/java/com/vaadin/tests/data/validator/EmailValidatorTest.java
index 97d304d7df..d9004f59b0 100644
--- a/server/src/test/java/com/vaadin/tests/data/validator/EmailValidatorTest.java
+++ b/server/src/test/java/com/vaadin/tests/data/validator/EmailValidatorTest.java
@@ -28,4 +28,10 @@ public class EmailValidatorTest {
     public void testEmailValidatorWithOkEmail() {
         Assert.assertTrue(validator.isValid("my.name@email.com"));
     }
+
+    @Test
+    public void testEmailValidatorWithBadInput() {
+        Assert.assertFalse(validator.isValid("a@a.m5qRt8zLxQG4mMeu9yKZm5qRt8zLxQG4mMeu9yKZm5qRt8zLxQG4mMeu9yKZ&"));
+    }
+
 }
author	Tatu Lund <tatu@vaadin.com>	2020-09-30 16:29:29 +0300
committer	GitHub <noreply@github.com>	2020-09-30 16:29:29 +0300
commit	17f5c1b6693892e00a4c2379d621043ef077f24e (patch)
tree	da25e6f3264afb12013a1194b13c21d44528319c /server/src
parent	58bcc95f15a0c7bf032daabd885ba76984a789ee (diff)
download	vaadin-framework-17f5c1b6693892e00a4c2379d621043ef077f24e.tar.gz vaadin-framework-17f5c1b6693892e00a4c2379d621043ef077f24e.zip