Le 2012-08-23 09:44, A.L.E.C a écrit :
> But you know, Roundcube uses javascript very extensively. So, disabled/altered/bypased or whatever would break Roundcube functionality at all, not only address validation ;) Yes, I'm aware of that. But using tools like "developper toolbar" or "Firebug" firefox extensions, you can always manipulate data before sending to roundcube server-side php to bypass, by exemple, a javascript validation. >> Don't know how it is in roundcube, but I think that mail address validation can take place client-side in javascript for better user experience but should also be done server-side in php, ensuring outgoing mail from roundcube are at least syntaxically correct (and limiting XSS vulnerability risks). > > And that's how it's implemented in Roundcube ;) ok, cool. regards, S.B.
_______________________________________________ Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/dev
