Re: Proposal for 1.2: Dumber email validation

2009-10-15 Thread Ulrich Petri
> Russell raises my biggest concern with this proposal. There are a lot of smart folks in the Django-Developers end of things that can cobble together a pretty legit regexp that covers the majority of cases with no horrific DOS cases (e.g. last security issue).
> ...
> My initial

Re: Proposal for 1.2: Dumber email validation

2009-10-15 Thread Tim Chase
> 1) If we encourage people to write their own regex if they want tighter email validation, we run the risk that users will inadvertently introduce the same bug that we have just fixed.

Russell raises my biggest concern with this proposal. There are a lot of smart folks in the

Re: Proposal for 1.2: Dumber email validation

2009-10-15 Thread Chris Adams
On Oct 10, 9:35 am, James Bennett wrote:
> So what I'd like to propose is that EmailField essentially check that the value contains an '@', and a '.' somewhere after it. This will cover most addresses that are likely to be in actual use, and various confirmation

Re: Proposal for 1.2: Dumber email validation

2009-10-10 Thread Jeremy Dunck
Ned,

You really ought to show us all how to use that time machine. :)

On Oct 10, 2009, at 8:49 AM, Ned Batchelder wrote:
>
> +1
>
> http://nedbatchelder.com/blog/200908/humane_email_validation.html
>
> I was going to kibbitz on the fix (removing a single * would

Re: Proposal for 1.2: Dumber email validation

2009-10-10 Thread Russell Keith-Magee
On Sat, Oct 10, 2009 at 9:35 PM, James Bennett wrote:
>
> In light of yesterday's security issue, I'd like to propose that we significantly dumb down the regex Django uses to validate email addresses.
>
> Currently, the regex we use covers many common cases, but comes

Re: Proposal for 1.2: Dumber email validation

2009-10-10 Thread Ned Batchelder
+1

http://nedbatchelder.com/blog/200908/humane_email_validation.html

I was going to kibbitz on the fix (removing a single * would have sufficed), and realized we were once again in the quagmire of email regex validation.

--Ned.

James Bennett wrote:
> In light of yesterday's security issue,

Proposal for 1.2: Dumber email validation

2009-10-10 Thread James Bennett
In light of yesterday's security issue, I'd like to propose that we significantly dumb down the regex Django uses to validate email addresses. Currently, the regex we use covers many common cases, but comes nowhere near covering the entire spectrum of addresses allowed by the RFC; several