On 6 March 2014 09:04, Charles Mills <[email protected]> wrote: > (2) you run the risk of rejecting something in the client that is actually valid on the server -- > for example if the server is enhanced in some way down the road before you can enhance the client.
And surely the most ubiquitous (and egregious) of these is the over strict "validation" of email addresses, found on web pages everywhere. I once thought these sites were all using the same bad Javascript example from somewhere, but though there are plenty with identical code, there are also at least a dozen common variations and countless independent (and at least as wrong) ones out there. Clearly there's a need to avoid SQL injection and such, but still the range of valid characters surprises, e.g. these are valid, but will be rejected by virtually all web sites: Tom&[email protected] Bob&Carol+Ted&[email protected] Paddy.O'[email protected] . My experience in dealing with non compliant web sites (you know sometimes you get on a mission for a bit, even knowing it's ultimately futile?) is that most of them: 1) ignore me completely 2) Respond with a "we are looking into it", followed by nothing. 3) Respond with "you are wrong - get your email address fixed" (I love this one!) or some combination. I convinced <well known food manufacturer> (contest on a cereal box - don't ask) to fix one of their email pages, which they did very promptly. However they had some equally bogus secondary validation (still client-side), and they then responded with (2), and eventually with (3). Even their "contact us" page won't accept a valid address. Why people want to annoy their customers so much is beyond me. On the other hand I got an excellent response from a place that designs sites for charities - they thanked me for my input, apologized, fixed it almost immediately, wrote back to tell me in detail what they'd done, and contacted all their charity customers to tell them about the problem and that they'd be updating their sites. Amazing. One good approach for those who really don't believe an address can contain character <x> (and/or think that RFCs are some obsolete suggestions from the early days of the net) is to send them an email from an address containing it. Their email client will handle it fine in- and out-bound, even if it's MS Outlook or Notes or some similar corporate thing Well, sorry - it's not quite Friday here. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
