WingNews logo WingNews
top | item 5824668

(no title)

samarudge | 12 years ago

It validates emails with a regex. I'm not sure how many times it's been discussed that you shouldn't validate emails with a regex, but please stop validating emails with a regex.

Source: https://github.com/guillaumepotier/validator.js/blob/master/...

http://davidcel.is/blog/2012/09/06/stop-validating-email-add... http://stackoverflow.com/a/202528/744180 (others, just Google)

discuss

order

asperous|12 years ago

A dang long one at that! I'm sure the author just copied and pasted it someone. It looks like it's not that great: http://tinyurl.com/emailregextest

Maybe we can find a better simple solution they can use? If they don't have that feature many people will be frustrated.

Just as a reminder, if you are sending email verifications out anyway, there is no point in validating email addresses manually.

guillaumepotier|12 years ago

Right. But not including it will inexorably lead to new Issue or PR to add it. Not sure it is validatorjs's role to educate users in their validation, just providing best as possible tools to do it right, no ?

samarudge|12 years ago

I guess it depends on one's perspective. You are probably right that someone will send a pull request to add it if it's not there, but I think authors of tools should always do their best to encourage users to do things correctly, especially issues like this which can easily be found without even knowing it's an issue (Google-ing "Email Regular Expression" brings up results for me on the first page recommending it's not a good idea)

Certainly when it comes to security, authors should do their best to ensure users of the tool are educated, when there's a security issue with any large software product, particularly open source, that's mostly down to poor configuration or ill-informed users, the authors are instantly criticized, but I think it should be the same for any general features in a tool that targets a specific functionality. This particular "best practice" is quite easy to find, and the tool is very specifically targeted towards validation, yet has something that's against best practice and could potentially cause frustration for people who use this tool, and people who use the stuff created using this tool.