+1
http://nedbatchelder.com/blog/200908/humane_email_validation.html
I was going to kibitz on the fix (removing a single * would have
sufficed), and realized we were once again in the quagmire of email
regex validation.
--Ned.
James Bennett wrote:
> In light of yesterday's security issue, I
On Sat, Oct 10, 2009 at 9:35 PM, James Bennett wrote:
>
> In light of yesterday's security issue, I'd like to propose that we
> significantly dumb down the regex Django uses to validate email
> addresses.
>
> Currently, the regex we use covers many common cases, but comes
> nowhere near covering
Ned,
You really ought to show us all how to use that time machine. :)
On Oct 10, 2009, at 8:49 AM, Ned Batchelder wrote:
>
> +1
>
> http://nedbatchelder.com/blog/200908/humane_email_validation.html
>
> I was going to kibitz on the fix (removing a single * would have
> sufficed), and real
On Oct 10, 9:35 am, James Bennett wrote:
> So what I'd like to propose is that EmailField essentially check that
> the value contains an '@', and a '.' somewhere after it. This will
> cover most addresses that are likely to be in actual use, and various
> confirmation processes can be used to rul
> 1) If we encourage people to write their own regex if they want
> tighter email validation, we run the risk that users will
> inadvertently introduce the same bug that we have just fixed.
Russell raises my biggest concern with this proposal. There are
a lot of smart folks in the Django-Devel
> Russell raises my biggest concern with this proposal. There are
> a lot of smart folks in the Django-Developers end of things that
> can cobble together a pretty legit regexp that covers the
> majority of cases with no horrific DOS cases (e.g. last security
> issue).
>
...
> My initial candida