This is much better, but not perfect yet :) It still lets strings
like @., [EMAIL PROTECTED], [EMAIL PROTECTED], foo@@foo.com, etc. pass.

I think that carefully validating everything that comes from the user
is an essential thing, and we must not allow programs to be "broken"
by wrong inputs. This concerns not only e-mail addresses but any input
data. There are two cases when the user passes wrong input to the
program:

- the user mistyped something or forgot to fill in the value at all
  (unintentionally)
- somebody tries to hack the program intentionally

We have to take care of both cases, because we should provide the most
perfect experience for the user (just take your example: somebody
mistypes his/her e-mail address during a registration process and
waits in vain for the confirmation mail) and avoid any vulnerability
which allows malicious users to hack the program (even when we cannot
imagine what harm a wrong input can cause - maybe somebody is more
inventive and figures out something).


JB> Another one I've used is this:
JB> --------------------------------------------------
JB> // vars
JB> var checkStr:String = "._-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
JB> var isValid:Boolean;
JB> var inputTxt:TextInput;
JB> var valBtn:Button;
JB> var resultTxt:TextArea;
JB> 
JB> function clicked() {
JB>     resultTxt.text = (validateEmail(inputTxt.text)) ? "email is valid" : "email is not valid";
JB> }
JB> valBtn.addEventListener("click", clicked);
JB> 
JB> function validateEmail(ti:String):Boolean {
JB>     // ti = text input field string
JB>     atChrIndex = ti.indexOf("@");
JB>     dtChrIndex = ti.lastIndexOf(".");
JB>     if(atChrIndex < dtChrIndex){
JB>             frstStr = ti.slice(0,atChrIndex);
JB>             mdleStr = ti.slice(atChrIndex+1, dtChrIndex);
JB>             lastStr = ti.slice(dtChrIndex+1, ti.length);
JB>             if(getStrValid(frstStr) && getStrValid(mdleStr) && getStrValid(lastStr)){
JB>                     return true;
JB>             } else {
JB>                     return false;
JB>             }
JB>     } else {
JB>             return false;
JB>     }
JB> }
JB> 
JB> function getStrValid(ti:String):Boolean {
JB>     isValid = true;
JB>     for(var i=0;i<ti.length;i++){
JB>             if(checkStr.indexOf(ti.charAt(i)) == -1) isValid = false;
JB>     }
JB>     return isValid;
JB> }
JB> --------------------------------------------------
JB> 
JB> The above script checks for a "@" followed by the last instance of ".", 
JB> and then splits the email string into three separate strings, and then 
JB> checks if all the characters in those strings correspond to checkStr. In 
JB> my script, more than one "." character is allowed in the email, cause 
JB> I've seen some addresses being something like 
JB> "[EMAIL PROTECTED]", which isn't allowed in 
JB> Bokelberg's script.
JB> 
JB> Email validation is fine, to a certain point. Maybe it's just me, but I 
JB> try and spend the least amount of time on the issue; if a user wants to 
JB> purposefully try and break the email validation (which they would need 
JB> to in order to get past a script like the above) then they deserve not 
JB> to get signed up for whatever. A good signup routine is not just about 
JB> email validation, but about confirmation: if they purposefully put in an 
JB> invalid email (which gets past the above routine), then they can't 
JB> confirm. Sucks to be them.
JB> 
JB> Of course, the simplest thing if you're doing a lot of string validation 
JB> in your AS2 application is to use a RegExp class.


_______________________________________________
[email protected]
To change your subscription options or search the archive:
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders

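
An added example (not part of the original thread): a JavaScript port of the quoted split-and-whitelist logic next to a stricter structural check, run over constructed inputs, showing that empty pieces and a missing "@" get through the quoted logic. `quotedValidate`, `strictValidate` and `compare` are hypothetical names; the 64-character local part limit, the 63-character label limit and the hostname-style label rule are assumptions layered on the thread's character whitelist, so the strict check is deliberately narrower than what mail standards permit.

```javascript
// Added example, not code from the thread.
// Character whitelist taken from the quoted checkStr.
const ALLOWED = "._-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
const onlyAllowed = (s) => [...s].every((c) => ALLOWED.includes(c));

// Port of the quoted logic: split at the first "@" and the last ".",
// then whitelist-check the three pieces. Empty pieces pass the check,
// and indexOf() returning -1 (no "@") is still "less than" the dot index.
function quotedValidate(s) {
  const at = s.indexOf("@");
  const dot = s.lastIndexOf(".");
  if (at >= dot) return false;
  return onlyAllowed(s.slice(0, at)) &&
    onlyAllowed(s.slice(at + 1, dot)) &&
    onlyAllowed(s.slice(dot + 1));
}

// Stricter structural check (hypothetical helper, limits are assumptions).
function strictValidate(s) {
  if (typeof s !== "string") return false;
  const parts = s.split("@");
  if (parts.length !== 2) return false; // exactly one "@"
  const [local, domain] = parts;
  if (local.length < 1 || local.length > 64 || !onlyAllowed(local)) return false;
  if (local.startsWith(".") || local.endsWith(".") || local.includes("..")) return false;
  const labels = domain.split(".");
  if (labels.length < 2) return false; // the domain needs at least one dot
  // Each label: 1 to 63 chars, letters/digits/hyphen, no leading or trailing hyphen.
  return labels.every((l) => /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/.test(l));
}

// Constructed sample inputs.
const SAMPLES = ["@.", "foo.com", "a@b.", "foo@@foo.com", "john.smith@mail.example.co.uk"];

// Returns one row per sample with the verdict of each validator.
function compare() {
  return SAMPLES.map((s) => ({ input: s, quoted: quotedValidate(s), strict: strictValidate(s) }));
}

console.log(compare());
```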