On 7 Sep 2000 Randal L. Schwartz wrote:
> This is neither necessary nor sufficient. Please stop with this
> nonsense. An email address can have ANY CHARACTER OF THE PRINTABLE
> ASCII SEQUENCE. An email address NEVER NEEDS TO GET NEAR A SHELL, so
> ALL CHARACTERS ARE SAFE. Clear? Man, if I see ONE MORE script that
> checks for a "legal email", I'm gonna scream. Matter of fact, I
> already did. :)
I have an immense amount of respect for you Randal, but I think you're
generalizing a bit much here. There are a number of cases where checking
an email address' validity makes perfectly good sense. The most obvious
is just plain human-computer interface design. If I can give the user a
message "hay, that's not a valid email address" instead of them wondering
why they never received an email, that's makes the interaction more
intuitive. Many, many scripts end up calling sendmail to send mail. I'm
not for a moment going to applaud that method, but it does mean that shell
escapes in an email address will cause problems.
--
</chris>
If you're not part of the solution, you're part of the precipitate.
- Steven Wright
