Ned,
   You really ought to show us all how to use that time machine. :)

On Oct 10, 2009, at 8:49 AM, Ned Batchelder <n...@nedbatchelder.com> wrote:

>
> +1
>
> http://nedbatchelder.com/blog/200908/humane_email_validation.html
>
> I was going to kibitz on the fix (removing a single * would have
> sufficed), and realized we were once again in the quagmire of email
> regex validation.
>
> --Ned.
>
> James Bennett wrote:
>> In light of yesterday's security issue, I'd like to propose that we
>> significantly dumb down the regex Django uses to validate email
>> addresses.
>>
>> Currently, the regex we use covers many common cases, but comes
>> nowhere near covering the entire spectrum of addresses allowed by the
>> RFC; several tickets are open regarding this. Trying to cover more of
>> the RFC is possible, although supporting all valid email addresses is
>> not (various regexes claim to do this, but full coverage is impossible
>> -- the RFC is flexible enough WRT things like nested comments that I'm
>> fairly certain no single regex can handle them all), and -- as we've
>> seen -- attempts to cover a broader chunk of the RFC can introduce
>> issues with performance.
>>
>> So what I'd like to propose is that EmailField essentially check that
>> the value contains an '@', and a '.' somewhere after it. This will
>> cover most addresses that are likely to be in actual use, and various
>> confirmation processes can be used to rule out any invalid addresses
>> which happen to slip through that. Meanwhile, people who want to
>> support comments inside a bang path or other such exotic beasts can
>> simply write their own regex for it and tell a form to use that
>> instead.
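
The check proposed in the quoted message (an '@', and a '.' somewhere after it), written with plain string operations so there is nothing to backtrack. This is an added example, not part of the thread and not Django's code; `looks_like_email`, `MAX_LEN`, the whitespace rule and the `NESTED` contrast pattern are assumptions constructed for illustration.

```python
import re
import time

# Constructed for contrast; NOT Django's regex. The nested quantifier
# (a repeated group that itself repeats) backtracks exponentially on
# input that almost matches.
NESTED = re.compile(r"^([a-z0-9]+)*@example\.com$")

MAX_LEN = 254  # assumption: cap input size before any checking


def looks_like_email(value):
    """The proposed check: an '@', and a '.' somewhere after it.

    Plain string operations only, so cost is linear in len(value).
    """
    if not isinstance(value, str) or len(value) > MAX_LEN:
        return False
    if any(ch.isspace() for ch in value):
        return False  # assumption: whitespace is never accepted
    local, at, domain = value.rpartition("@")  # split on the last '@'
    if not at or not local:
        return False
    # A '.' after the '@', with at least one character on each side.
    dot = domain.find(".", 1)
    return dot != -1 and dot < len(domain) - 1


def seconds(fn, arg):
    """Wall-clock time of one call, for the comparison below."""
    start = time.perf_counter()
    fn(arg)
    return time.perf_counter() - start


if __name__ == "__main__":
    hostile = "a" * 22 + "!"  # constructed input that can never match
    print("nested regex:", seconds(NESTED.match, hostile))
    print("string check:", seconds(looks_like_email, hostile))
```

Each extra character in `hostile` roughly doubles the nested pattern's running time, while the string check stays proportional to the input length.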
