User can be created with malformed email #4997

New Issue

OVERLORD · 2026-02-05T09:32:19+03:00

OVERLORD commented

2026-02-05 09:32:19 +03:00

Originally created by @vmario89 on GitHub (Oct 10, 2024).

Describe the Bug

With recent Bookstack we can create buggy users, which will never get an email.

Steps to Reproduce

go to /settings/users and create a new user

Expected Behaviour

Please add some validator scheme. i expect to be allowed to enter only valid mail addresses like mail@domain.tld

Screenshots or Additional Context

Browser Details

No response

Exact BookStack Version

v24.10

Originally created by @vmario89 on GitHub (Oct 10, 2024). ### Describe the Bug With recent Bookstack we can create buggy users, which will never get an email. ### Steps to Reproduce go to /settings/users and create a new user ### Expected Behaviour Please add some validator scheme. i expect to be allowed to enter only valid mail addresses like mail@domain.tld ### Screenshots or Additional Context ![grafik](https://github.com/user-attachments/assets/d52da923-87bb-45a0-bac2-f84cff680920) ### Browser Details _No response_ ### Exact BookStack Version v24.10

OVERLORD added the 🐛 Bug label 2026-02-05 09:32:19 +03:00

OVERLORD closed this issue

2026-02-05 09:32:21 +03:00

OVERLORD commented

2026-02-05 09:32:23 +03:00

@ssddanbrown commented on GitHub (Oct 10, 2024):

Hi @vmario89,

Emails without an TLD can technically be valid. Here's a fun list: https://en.m.wikipedia.org/wiki/Email_address#Valid_email_addresses
I don't want to complicate things up to, what would effectively be, attempting to prevent user error since that can occur anyway via mispelling, and this isn't something that's been previously reported as an issue in the last 9 years either.

@ssddanbrown commented on GitHub (Oct 10, 2024): Hi @vmario89, Emails without an TLD can technically be valid. Here's a fun list: https://en.m.wikipedia.org/wiki/Email_address#Valid_email_addresses I don't want to complicate things up to, what would effectively be, attempting to prevent user error since that can occur anyway via mispelling, and this isn't something that's been previously reported as an issue in the last 9 years either.

OVERLORD commented

2026-02-05 09:32:26 +03:00

@vmario89 commented on GitHub (Oct 10, 2024):

Hi. thanks for the answer. I understand your arguments and agree with the practical side. I just was wondering because i never have seen it anywhere else. I just reported it, because it happened to me randomly when typing the mail address and hitting enter, seeing that the input was accepted

admin@example (local domain name with no [TLD](https://en.m.wikipedia.org/wiki/Top-level_domain), although ICANN highly discourages dotless email addresses[[31]](https://en.m.wikipedia.org/wiki/Email_address#cite_note-31)) - technically you are right and it might be a breaking change for some setups of existing bookstack instances. So i am closing this

@vmario89 commented on GitHub (Oct 10, 2024): Hi. thanks for the answer. I understand your arguments and agree with the practical side. I just was wondering because i never have seen it anywhere else. I just reported it, because it happened to me randomly when typing the mail address and hitting enter, seeing that the input was accepted `admin@example (local domain name with no [TLD](https://en.m.wikipedia.org/wiki/Top-level_domain), although ICANN highly discourages dotless email addresses[[31]](https://en.m.wikipedia.org/wiki/Email_address#cite_note-31))` - technically you are right and it might be a breaking change for some setups of existing bookstack instances. So i am closing this

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#4997