click-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bob Schellink (Commented) (JIRA)" <>
Subject [jira] [Commented] (CLK-778) EmailField Data Validation Is Insufficient
Date Thu, 05 Apr 2012 06:03:33 GMT


Bob Schellink commented on CLK-778:

The standard for email address syntax is called RFC2822:

To implement it correctly is not easy:

Here is an article providing a more realistic implementation with explanations of the tradeoffs:

Click's email validation is very lenient. We could improve it slightly by ensuring only one
'@' character and not more than two periods after the @ sign or switch to a regular expression.
My only concern with regex is what if valid email addresses are not validate which would break
backward compatibility?

We also need to keep in mind that we have both Java and JavaScript validation that needs to
be kept in sync with each other.
> EmailField Data Validation Is Insufficient
> ------------------------------------------
>                 Key: CLK-778
>                 URL:
>             Project: Click
>          Issue Type: Bug
>          Components: extras
>            Reporter: Clint Lawrence
>            Assignee: Naoki Takezoe
> In the Click Extras project, the current EmailField validation does not sufficiently
limit user input to the format of an email address.  As an example, I loaded the Avoka examples
site and was able to successfully submit the following as an email address in the Extra Form
Controls page:
> For my own use I have extended EmailField with the following additional validation logic:
>     private static final Pattern EMAIL_ADDRESS_REGEX_PATTERN = Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$",
>     ...
>     @Override
>     public void validate() {
>         super.validate();
>         if (EMAIL_ADDRESS_REGEX_PATTERN.matcher(StringUtils.trimToEmpty(this.value)).matches())
>         {
>             this.setErrorMessage("email-format-error");
>         }
>     }

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message