Use WHATWG URL for url and email validation

[stevenvachon]

Via universal-url as it covers far more edge cases such as IDNAs and IPv6 than a simple regex will.

const isEmail = email => {
  try {
    const url = new URL(`mailto:${email}`);
    return url.search === '';
  } catch (error) {
    return false;
  }
};

const isURL = url => {
  try {
    url = new URL(url);
    return url.protocol === 'http' || url.protocol === 'https' || url.protocol === 'ftp';
  } catch (error) {
    return false;
  }
};

[ljharb]

In order to do that, we'd have to ship the entire URL polyfill to browsers - or require that users do it. The polyfill still seems prohibitively large.

(also, in general, email validation that's anything more than "it has an @, and you can receive an email sent to it" is useless, so I'm not interested in making email validation "better", when it needs to be reduced, not increased)

[stevenvachon]

URL is correct and complete while this library's regex is neither. File size concerns are addressed via universal-url-lite.

Checking an email address for a correct IDNA is no less useful than checking a URL for the same. Email servers adhere to the same IP and DNS rules as a web server.

[ljharb]

They're slightly different, a@b is a valid email address. The only way you can correctly validate an email address is to send it an email with a secret, and verify receipt of the secret.

To clarify: does universal-url include 100% of the unicode compliance it needs, and then universal-url-lite only fails on IDNA URLs?

[stevenvachon]

mailto:a@b is a valid URL as well, but I would think that a@:*&^: is not a valid email address. However: jsdom/whatwg-url#98

universal-url is, to my knowledge, 100% TR46 compliant. universal-url-lite has two shims, one with incomplete TR46 and one that relies on the native browser implementation, which all are currently incomplete.

[ljharb]

It would help if you could provide sets of non-IDNA test cases that pass with your shim, but fail with the current implementation - that would help me understand the risk/reward.

[stevenvachon]

require("forms/lib/validators").url(false)(null, {
  data: "http://[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"
}, result => console.log(result))
//-> Please enter a valid URL.

[ljharb]

Thanks - so, these are the categories of URLs that using universal-url would allow to be valid:

• IPv6 URLs
• IDNA URLs
• alternative protocol URLs

These are the categories of URLs that currently already work:

• ascii URLs
• IPv4 URLs
• http/https/ftp URLs

Any others?

[stevenvachon]

This library currently only supports http, https and ftp.

[ljharb]

OK, I've edited my list above. Any other categories?

[stevenvachon]

That's all I can think of at the moment.