Opened 11 years ago
Closed 10 years ago
#9371 closed defect (fixed)
dojox.validate.regexp.emailAddress allowing bad emails
Reported by: | sgourley | Owned by: | Adam Peller |
---|---|---|---|
Priority: | high | Milestone: | 1.4 |
Component: | Dojox | Version: | 1.3.0 |
Keywords: | validationtexbox | Cc: | |
Blocked By: | Blocking: |
Description
a@b is validating to true.
<input id="txt_name" type="text" name="email" value="" style="width: 250px;"
dojotype="dijit.form.ValidationTextBox?" regexpgen="dojox.validate.regexp.emailAddress" required="true" invalidmessage="Invalid Email Address." />
Change History (8)
comment:1 Changed 11 years ago by
comment:2 Changed 11 years ago by
plus, I think we stopped restricting tlds now that iana has opened up tld registration.
comment:3 Changed 10 years ago by
A FQDN does need to be more than a single token. Otherwise it is unqualified.
The email address validator uses the web.host validation regex.
My reading of the code suggests that if "allowNamed=false" and "allowLocal=false", then it should NOT accept "b" as a host name.
Even with allowLocal and allowNamed set to false, the regex for host does not require both a host AND a tld.
Don't know how to submit a patch, but the change is from "*" to "+" in line 111 (follows)
var hostNameRE = "((?:" + domainLabelRE + "
.)*" + domainNameRE + "
.?)";
should be
var hostNameRE = "((?:" + domainLabelRE + "
.)+" + domainNameRE + "
.?)";
comment:4 Changed 10 years ago by
Component: | General → Dojox |
---|---|
Owner: | changed from anonymous to Adam Peller |
comment:5 Changed 10 years ago by
Wanted to be sure I wasn't full of it, so I checked the RFC
http://tools.ietf.org/html/rfc2821#section-2.3.5
It says a local alias (vs. a FQDN) must NOT appear in an SMTP transaction.
I hope this is helpful.
comment:7 Changed 10 years ago by
Milestone: | tbd → 1.4 |
---|
comment:8 Changed 10 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in [20703] Thanks, jow
afaik, a@b is a valid email address (as per the spec). There is nothing stating an email address requires a TLD. Perhaps this could be put in as an option, but generally speaking: .*@.* is valid