In light of yesterday's security issue, I'd like to propose that we significantly dumb down the regex Django uses to validate email addresses.

Currently, the regex we use covers many common cases, but comes nowhere near covering the entire spectrum of addresses allowed by the RFC; several tickets are open regarding this. Trying to cover more of the RFC is possible, although supporting all valid email addresses is not (various regexes claim to do this, but full coverage is impossible -- the RFC is flexible enough WRT things like nested comments that I'm fairly certain no single regex can handle them all), and -- as we've seen -- attempts to cover a broader chunk of the RFC can introduce issues with performance.

So what I'd like to propose is that EmailField essentially check that the value contains an '@', and a '.' somewhere after it. This will cover most addresses that are likely to be in actual use, and various confirmation processes can be used to rule out any invalid addresses which happen to slip through that. Meanwhile, people who want to support comments inside a bang path or other such exotic beasts can simply write their own regex for it and tell a form to use that instead.

--
"Bureaucrat Conrad, you are technically correct -- the best kind of correct."