> Russell raises my biggest concern with this proposal. There are
> a lot of smart folks in the Django-Developers end of things that
> can cobble together a pretty legit regexp that covers the
> majority of cases with no horrific DOS cases (e.g. last security
> issue).
>
...
> My initial
> 1) If we encourage people to write their own regex if they want
> tighter email validation, we run the risk that users will
> inadvertently introduce the same bug that we have just fixed.
Russell raises my biggest concern with this proposal. There are
a lot of smart folks in the
On Oct 10, 9:35 am, James Bennett wrote:
> So what I'd like to propose is that EmailField essentially check that
> the value contains an '@', and a '.' somewhere after it. This will
> cover most addresses that are likely to be in actual use, and various
> confirmation
Ned,
You really ought to show us all how to use that time machine. :)
On Oct 10, 2009, at 8:49 AM, Ned Batchelder wrote:
>
> +1
>
> http://nedbatchelder.com/blog/200908/humane_email_validation.html
>
> I was going to kibbitz on the fix (removing a single * would
On Sat, Oct 10, 2009 at 9:35 PM, James Bennett wrote:
>
> In light of yesterday's security issue, I'd like to propose that we
> significantly dumb down the regex Django uses to validate email
> addresses.
>
> Currently, the regex we use covers many common cases, but comes
+1
http://nedbatchelder.com/blog/200908/humane_email_validation.html
I was going to kibbitz on the fix (removing a single * would have
sufficed), and realized we were once again in the quagmire of email
regex validation.
--Ned.
James Bennett wrote:
> In light of yesterday's security issue,
In light of yesterday's security issue, I'd like to propose that we
significantly dumb down the regex Django uses to validate email
addresses.
Currently, the regex we use covers many common cases, but comes
nowhere near covering the entire spectrum of addresses allowed by the
RFC; several