+1

http://nedbatchelder.com/blog/200908/humane_email_validation.html

I was going to kibitz on the fix (removing a single * would have 
sufficed), and realized we were once again in the quagmire of email 
regex validation.

--Ned.

James Bennett wrote:
> In light of yesterday's security issue, I'd like to propose that we
> significantly dumb down the regex Django uses to validate email
> addresses.
>
> Currently, the regex we use covers many common cases, but comes
> nowhere near covering the entire spectrum of addresses allowed by the
> RFC; several tickets are open regarding this. Trying to cover more of
> the RFC is possible, although supporting all valid email addresses is
> not (various regexes claim to do this, but full coverage is impossible
> -- the RFC is flexible enough WRT things like nested comments that I'm
> fairly certain no single regex can handle them all), and -- as we've
> seen -- attempts to cover a broader chunk of the RFC can introduce
> issues with performance.
>
> So what I'd like to propose is that EmailField essentially check that
> the value contains an '@', and a '.' somewhere after it. This will
> cover most addresses that are likely to be in actual use, and various
> confirmation processes can be used to rule out any invalid addresses
> which happen to slip through that. Meanwhile, people who want to
> support comments inside a bang path or other such exotic beasts can
> simply write their own regex for it and tell a form to use that
> instead.
>   
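
The check proposed in the quoted message, written without a regex, as an added example that is not part of the original thread and is not Django's code. The name `looks_like_email`, the `strict` flag with its extra rules, and `MAX_LEN` are assumptions of this example, and the sample inputs are constructed.

```python
MAX_LEN = 254  # assumption: length cap used only by the strict variant


def looks_like_email(value, strict=False):
    """Return True if value contains an '@' and a '.' somewhere after it.

    Only str.find is used, so each call is a bounded number of
    left-to-right scans with no backtracking, whatever the input is.
    strict=True adds rules that are assumptions of this example.
    """
    if not isinstance(value, str):
        return False
    at = value.find("@")
    if at == -1:
        return False
    if value.find(".", at + 1) == -1:
        return False
    if not strict:
        return True
    # Stricter variant (assumption): bounded length, exactly one '@',
    # a non-empty local part, no whitespace, and a domain that neither
    # starts nor ends with '.'.
    if len(value) > MAX_LEN or any(c.isspace() for c in value):
        return False
    local, _, domain = value.partition("@")
    if not local or "@" in domain:
        return False
    return not (domain.startswith(".") or domain.endswith("."))


# Constructed sample inputs (not taken from the thread).
SAMPLES = [
    "user@example.com",
    "user.name@example",               # '.' only before the '@'
    "@.",                              # passes the proposal, fails strict
    "no-at-sign.example.com",
    "a" * 200 + "@" + "-" * 40 + "!",  # long repetitive input, no '.'
]


def classify(samples=SAMPLES, strict=False):
    """Map each sample to the verdict of looks_like_email."""
    return {s: looks_like_email(s, strict) for s in samples}


if __name__ == "__main__":
    for sample, ok in classify().items():
        print(f"{ok!s:5}  {sample[:40]}")
```
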
