[jira] [Commented] (JSPWIKI-1243) The email validation routine is incorrect

Sat, 15 Nov 2025 17:14:05 -0800 


    [ 
https://issues.apache.org/jira/browse/JSPWIKI-1243?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18038620#comment-18038620
 ] 

ASF subversion and git services commented on JSPWIKI-1243:
----------------------------------------------------------

Commit 62fa2746c39bebe15c89499ee93ce9f1d0ecb0fb in jspwiki's branch 
refs/heads/master from Alex O'Ree
[ https://gitbox.apache.org/repos/asf?p=jspwiki.git;h=62fa2746c ]

JSPWIKI-1239 a string length check added to prevent duplicate email check if 
the user does not specify one.
JSPWIKI-1243 fixes email validation for unicode and other symbols in email 
addresses (adds commons-validator as a dependency
prevent the attempt at sending an email address if it's not defined during new 
account signup
removes the ClearSiteData servlet filter which broke the CSRF token mechism


> The email validation routine is incorrect
> -----------------------------------------
>
>                 Key: JSPWIKI-1243
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1243
>             Project: JSPWiki
>          Issue Type: Bug
>            Reporter: Alex O'Ree
>            Assignee: Alex O'Ree
>            Priority: Major
>
> the current email validation is regex based.
> > ^[0-9a-zA-Z-_.+]+@([0-9a-zA-Z-_]+\\.)+[a-zA-Z]+$
> which...is fine it will block many legitimate email addresses
> there's a lengthy discussion here
> [https://stackoverflow.com/questions/201323/how-can-i-validate-an-email-address-using-a-regular-expression]
>  
> to fix, we can either use the java api as a "more or less good enough 
> solution" or turn this into something stupid simple like, it needs at least 
> one character, followed by the at symbol, followed by at last least one more 
> symbol.
> issues with the current setup
>  * unicode, non-ascii characters, emojis (yes they can be in email addresses) 
> and i'm not sure but i think ip addresses may fail on this one.
> the RFC is very complex and what we have is fine for users with ascii email 
> addresses but that's a smaller percentage of the global population.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to