On 08/23/2012 09:39 AM, Sébastien BLAISOT wrote:
> also, I think that email address validation should not be done by
> javascript alone as it is client side and you can not rely on client
> (javascript can be disabled, altered, bypassed or whatever) resulting in
> not validated addresses sent to php server-side part of the application.

But you know, Roundcube uses javascript very extensively. So,
disabled/altered/bypassed or whatever would break Roundcube functionality
at all, not only address validation ;)

> Don't know how it is in roundcube, but I think that mail address
> validation can take place client-side in javascript for better user
> experience but should also be done server-side in php, ensuring outgoing
> mail from roundcube are at least syntactically correct (and limiting XSS
> vulnerability risks).

And that's how it's implemented in Roundcube ;)

-- 
Aleksander 'A.L.E.C' Machniak
LAN Management System Developer [http://lms.org.pl]
Roundcube Webmail Developer [http://roundcube.net]
---------------------------------------------------
PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl
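
The server-side half of the validation discussed in this thread, as an added example that is not part of the original messages and is not Roundcube's code. It assumes a comma- or semicolon-separated recipient field; the function names validate_recipients() and render_rejected() are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Roundcube code. Function names are hypothetical.
// The request body is treated as untrusted whether or not any
// client-side JavaScript check ran before it was sent.
function validate_recipients(string $raw): array
{
    $accepted = [];
    $rejected = [];

    // Assumption: recipients arrive as one comma/semicolon separated field.
    foreach (preg_split('/[,;]/', $raw) ?: [] as $candidate) {
        $addr = trim($candidate);
        if ($addr === '') {
            continue;
        }
        // Control characters (CR, LF, NUL, ...) inside an address could
        // add extra header lines to the outgoing message.
        $hasControl = preg_match('/[\x00-\x1F\x7F]/', $addr) === 1;
        // Syntax check performed on the server, independent of the client.
        $validSyntax = filter_var($addr, FILTER_VALIDATE_EMAIL) !== false;

        if (!$hasControl && $validSyntax) {
            $accepted[] = $addr;
        } else {
            $rejected[] = $addr;
        }
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// Rejected input is still attacker-controlled text: encode it before
// echoing it back in an HTML error message.
function render_rejected(array $rejected): string
{
    $items = '';
    foreach ($rejected as $addr) {
        $items .= '<li>' . htmlspecialchars($addr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</li>';
    }
    return '<ul>' . $items . '</ul>';
}

// Constructed sample input, as it could arrive with client-side checks skipped.
$raw = "alice@example.org, bob@example, <b>eve</b>@example.org; carol@example.org\r\nBcc: dave@example.net";
$result = validate_recipients($raw);
print_r($result['accepted']);
echo render_rejected($result['rejected']), PHP_EOL;
```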