diff --git a/README.md b/README.md
index c7518fd41..b25e66a68 100644
--- a/README.md
+++ b/README.md
@@ -106,11 +106,11 @@ Validator | Description
**isDecimal(str [, options])** | check if the string represents a decimal number, such as 0.1, .3, 1.1, 1.00003, 4.0, etc.
`options` is an object which defaults to `{force_decimal: false, decimal_digits: '1,', locale: 'en-US'}`.
`locale` determines the decimal separator and is one of `['ar', 'ar-AE', 'ar-BH', 'ar-DZ', 'ar-EG', 'ar-IQ', 'ar-JO', 'ar-KW', 'ar-LB', 'ar-LY', 'ar-MA', 'ar-QA', 'ar-QM', 'ar-SA', 'ar-SD', 'ar-SY', 'ar-TN', 'ar-YE', 'bg-BG', 'cs-CZ', 'da-DK', 'de-DE', 'el-GR', 'en-AU', 'en-GB', 'en-HK', 'en-IN', 'en-NZ', 'en-US', 'en-ZA', 'en-ZM', 'eo', 'es-ES', 'fa', 'fa-AF', 'fa-IR', 'fr-FR', 'fr-CA', 'hu-HU', 'id-ID', 'it-IT', 'ku-IQ', 'nb-NO', 'nl-NL', 'nn-NO', 'pl-PL', 'pl-Pl', 'pt-BR', 'pt-PT', 'ru-RU', 'sl-SI', 'sr-RS', 'sr-RS@latin', 'sv-SE', 'tr-TR', 'uk-UA', 'vi-VN']`.
**Note:** `decimal_digits` is given as a range like '1,3', a specific value like '3' or min like '1,'.
**isDivisibleBy(str, number)** | check if the string is a number that is divisible by another.
**isEAN(str)** | check if the string is an [EAN (European Article Number)][European Article Number].
-**isEmail(str [, options])** | check if the string is an email.
`options` is an object which defaults to `{ allow_display_name: false, require_display_name: false, allow_utf8_local_part: true, require_tld: true, allow_ip_domain: false, allow_underscores: false, domain_specific_validation: false, blacklisted_chars: '', host_blacklist: [] }`. If `allow_display_name` is set to true, the validator will also match `Display Name `. If `require_display_name` is set to true, the validator will reject strings without the format `Display Name `. If `allow_utf8_local_part` is set to false, the validator will not allow any non-English UTF8 character in email address' local part. If `require_tld` is set to false, email addresses without a TLD in their domain will also be matched. If `ignore_max_length` is set to true, the validator will not check for the standard max length of an email. If `allow_ip_domain` is set to true, the validator will allow IP addresses in the host part. If `domain_specific_validation` is true, some additional validation will be enabled, e.g. disallowing certain syntactically valid email addresses that are rejected by Gmail. If `blacklisted_chars` receives a string, then the validator will reject emails that include any of the characters in the string, in the name part. If `host_blacklist` is set to an array of strings and the part of the email after the `@` symbol matches one of the strings defined in it, the validation fails. If `host_whitelist` is set to an array of strings and the part of the email after the `@` symbol matches none of the strings defined in it, the validation fails.
+**isEmail(str [, options])** | check if the string is an email.
`options` is an object which defaults to `{ allow_display_name: false, require_display_name: false, allow_utf8_local_part: true, allow_idn:true, require_tld: true, allow_ip_domain: false, allow_underscores: false, domain_specific_validation: false, blacklisted_chars: '', host_blacklist: [] }`. If `allow_display_name` is set to true, the validator will also match `Display Name `. If `require_display_name` is set to true, the validator will reject strings without the format `Display Name `. If `allow_utf8_local_part` is set to false, the validator will not allow any non-English UTF8 character in email address' local part. If `allow_idn` is set to false, the validator will not allow any non-English UTF8 character in the domain name. If `require_tld` is set to false, email addresses without a TLD in their domain will also be matched. If `ignore_max_length` is set to true, the validator will not check for the standard max length of an email. If `allow_ip_domain` is set to true, the validator will allow IP addresses in the host part. If `domain_specific_validation` is true, some additional validation will be enabled, e.g. disallowing certain syntactically valid email addresses that are rejected by Gmail. If `blacklisted_chars` receives a string, then the validator will reject emails that include any of the characters in the string, in the name part. If `host_blacklist` is set to an array of strings and the part of the email after the `@` symbol matches one of the strings defined in it, the validation fails. If `host_whitelist` is set to an array of strings and the part of the email after the `@` symbol matches none of the strings defined in it, the validation fails.
**isEmpty(str [, options])** | check if the string has a length of zero.
`options` is an object which defaults to `{ ignore_whitespace: false }`.
**isEthereumAddress(str)** | check if the string is an [Ethereum][Ethereum] address. Does not validate address checksums.
**isFloat(str [, options])** | check if the string is a float.
`options` is an object which can contain the keys `min`, `max`, `gt`, and/or `lt` to validate the float is within boundaries (e.g. `{ min: 7.22, max: 9.55 }`) it also has `locale` as an option.
`min` and `max` are equivalent to 'greater or equal' and 'less or equal', respectively while `gt` and `lt` are their strict counterparts.
`locale` determines the decimal separator and is one of `['ar', 'ar-AE', 'ar-BH', 'ar-DZ', 'ar-EG', 'ar-IQ', 'ar-JO', 'ar-KW', 'ar-LB', 'ar-LY', 'ar-MA', 'ar-QA', 'ar-QM', 'ar-SA', 'ar-SD', 'ar-SY', 'ar-TN', 'ar-YE', 'bg-BG', 'cs-CZ', 'da-DK', 'de-DE', 'en-AU', 'en-GB', 'en-HK', 'en-IN', 'en-NZ', 'en-US', 'en-ZA', 'en-ZM', 'eo', 'es-ES', 'fr-CA', 'fr-FR', 'hu-HU', 'it-IT', 'nb-NO', 'nl-NL', 'nn-NO', 'pl-PL', 'pt-BR', 'pt-PT', 'ru-RU', 'sl-SI', 'sr-RS', 'sr-RS@latin', 'sv-SE', 'tr-TR', 'uk-UA']`. Locale list is `validator.isFloatLocales`.
-**isFQDN(str [, options])** | check if the string is a fully qualified domain name (e.g. domain.com).
`options` is an object which defaults to `{ require_tld: true, allow_underscores: false, allow_trailing_dot: false, allow_numeric_tld: false, allow_wildcard: false, ignore_max_length: false }`. If `allow_wildcard` is set to true, the validator will allow domain starting with `*.` (e.g. `*.example.com` or `*.shop.example.com`).
+**isFQDN(str [, options])** | check if the string is a fully qualified domain name (e.g. domain.com).
`options` is an object which defaults to `{ require_tld: true, allow_underscores: false, allow_trailing_dot: false, allow_numeric_tld: false, allow_wildcard: false, allow_idn: true, ignore_max_length: false }`. If `allow_wildcard` is set to true, the validator will allow domain starting with `*.` (e.g. `*.example.com` or `*.shop.example.com`). If `allow_idn` is set to false, the validator will not allow any non-English UTF8 character in the domain name.
**isFreightContainerID(str)** | alias for `isISO6346`, check if the string is a valid [ISO 6346](https://en.wikipedia.org/wiki/ISO_6346) shipping container identification.
**isFullWidth(str)** | check if the string contains any full-width chars.
**isHalfWidth(str)** | check if the string contains any half-width chars.
diff --git a/src/lib/isEmail.js b/src/lib/isEmail.js
index 1aceca3cf..308f522d4 100644
--- a/src/lib/isEmail.js
+++ b/src/lib/isEmail.js
@@ -10,6 +10,7 @@ const default_email_options = {
allow_underscores: false,
require_display_name: false,
allow_utf8_local_part: true,
+ allow_idn: true,
require_tld: true,
blacklisted_chars: '',
ignore_max_length: false,
@@ -144,6 +145,7 @@ export default function isEmail(str, options) {
require_tld: options.require_tld,
ignore_max_length: options.ignore_max_length,
allow_underscores: options.allow_underscores,
+ allow_idn: options.allow_idn,
})) {
if (!options.allow_ip_domain) {
return false;
diff --git a/src/lib/isFQDN.js b/src/lib/isFQDN.js
index eb6928fda..394b76387 100644
--- a/src/lib/isFQDN.js
+++ b/src/lib/isFQDN.js
@@ -7,6 +7,7 @@ const default_fqdn_options = {
allow_trailing_dot: false,
allow_numeric_tld: false,
allow_wildcard: false,
+ allow_idn: true,
ignore_max_length: false,
};
@@ -71,6 +72,11 @@ export default function isFQDN(str, options) {
return false;
}
+ // verify if domain is IDN
+ if (!options.allow_idn && !/^[a-z0-9-_]+$/i.test(part)) {
+ return false;
+ }
+
return true;
});
}
diff --git a/test/validators.test.js b/test/validators.test.js
index 8335477a2..fca3ddc16 100644
--- a/test/validators.test.js
+++ b/test/validators.test.js
@@ -140,6 +140,29 @@ describe('Validators', () => {
});
});
+ it('should not validate email addresses with non-ASCII domain names if allow_idn is set to false', () => {
+ test({
+ validator: 'isEmail',
+ args: [{ allow_idn: false }],
+ valid: [],
+ invalid: [
+ 'ka25maj@gˇmail.com',
+ 'i18n@exampلe.com',
+ 'i18n@EXАМПЛЕ.com',
+ 'i18n@exамple.com',
+ 'i18n@éxample.com',
+ 'i18n@eßample.com',
+ 'i18n@EXΑΜΠΛΕ.com',
+ 'i18n@exαmple.com',
+ 'i18n@exampłe.com',
+ 'i18n@eซample.com',
+ 'i18n@例題.com',
+ 'i18n@例え.com',
+ 'i18n@사례.com',
+ ],
+ });
+ });
+
it('should validate email addresses with display names', () => {
test({
validator: 'isEmail',
@@ -828,6 +851,29 @@ describe('Validators', () => {
});
});
+ it('should not validate URLs with non-ASCII domain names if allow_idn is set to false', () => {
+ test({
+ validator: 'isURL',
+ args: [{ allow_idn: false }],
+ valid: [],
+ invalid: [
+ 'gˇmail.com',
+ 'exampلe.com',
+ 'EXАМПЛЕ.com',
+ 'exамple.com',
+ 'éxample.com',
+ 'eßample.com',
+ 'EXΑΜΠΛΕ.com',
+ 'exαmple.com',
+ 'exampłe.com',
+ 'eซample.com',
+ '例題.com',
+ '例え.com',
+ '사례.com',
+ ],
+ });
+ });
+
it('should validate MAC addresses', () => {
test({
validator: 'isMACAddress',