Discussion:
[FE-discuss] Email Validator and RFC(c.f. bug 2581271)
Alexander Fairley
2009-10-21 18:04:11 UTC
Hey guys,

I was reading along with rfc3696 to get a handle on email validation, and I
noticed that it says that trailing, leading and doubled dots in the local
part of the email are to be considered invalid. As of 1.2.2 formencode
thinks things such as "***@gmail.com" are valid. I believe
that the following patch will resolve this issue. I'll do a little testing
later, but I wanted to send this out and find out what I should do w.r.t.
getting it upstream. I looked to see if there was a bug on this, the
closest I found was
http://sourceforge.net/tracker/index.php?func=detail&aid=2581271&group_id=91231&atid=596416
This patch should address the . issues, but not the umlaut fun time issues.

Cheers,

Alex

Index: formencode/validators.py
===================================================================
--- formencode/validators.py (revision 4045)
+++ formencode/validators.py (working copy)
@@ -1301,7 +1301,7 @@

resolve_domain = False

- usernameRE = re.compile(r"^[^ \t\n\r@<>()]+$", re.I)
+ usernameRE = re.compile(r"^[^ \t\n\r@<>().]+((.)?[^ \t\n\r@<>().]+)*$",
re.I)
domainRE = re.compile(r'''
^(?:[a-z0-9][a-z0-9\-]{0,62}\.)+ # (sub)domain - alpha followed by
62max chars (63 total)
[a-z]{2,}$
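
Review bot: The separator in the new usernameRE on the + line is written "(.)?", an unescaped and optional dot, so it matches any single character rather than a literal "." and lets one character from the excluded class (such as "@" or a space) through between two runs. Because that separator may also match nothing, the inner "+" and the outer "*" can divide the same run of characters in many different ways, which makes a failing match backtrack heavily. Suggest a mandatory, escaped dot in a non-capturing group, i.e. (?:\.[^ \t\n\r@<>().]+)* after the first run, plus a short comment naming the RFC 3696 rule being enforced (no leading, trailing or doubled dots).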
Aston Motes
2009-10-21 19:05:29 UTC
Hey Alexander,

That regular expression passes for a username like "***@b" where the old regex
didn't. It also has nested repeat matching (+ inside of *) which can be
dangerous (see http://www.djangoproject.com/weblog/2009/oct/09/security/ ).
Check out the performance of your regex on a string like
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa@"!

- Aston

On Wed, Oct 21, 2009 at 11:04 AM, Alexander Fairley <
Post by Alexander Fairley
Hey guys,
I was reading along with rfc3696 to get a handle on email validation, and I
noticed that it says that trailing, leading and doubled dots in the local
part of the email are to be considered invalid. As of 1.2.2 formencode
that the following patch will resolve this issue. I'll do a little testing
later, but I wanted to send this out and find out what I should do w.r.t.
getting it upstream. I looked to see if there was a bug on this, the
closest I found was
http://sourceforge.net/tracker/index.php?func=detail&aid=2581271&group_id=91231&atid=596416
This patch should address the . issues, but not the umlaut fun time issues.
Cheers,
Alex
Index: formencode/validators.py
===================================================================
--- formencode/validators.py (revision 4045)
+++ formencode/validators.py (working copy)
@@ -1301,7 +1301,7 @@
resolve_domain = False
re.I)
domainRE = re.compile(r'''
^(?:[a-z0-9][a-z0-9\-]{0,62}\.)+ # (sub)domain - alpha followed by
62max chars (63 total)
[a-z]{2,}$
_______________________________________________
FormEncode-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/formencode-discuss
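
The two points raised in the reply above (the patched pattern accepts a username containing "@", and it backtracks heavily on input that cannot match) can be checked with the following added example, which is not part of the thread or of FormEncode. PATCHED is the regex as posted; HARDENED, accepts and seconds_to_reject are names assumed here, and all sample strings are constructed.

```python
import re
import time

ATOM = r"[^ \t\n\r@<>().]"  # one local-part character: the patch's excluded set, "." included

# The usernameRE proposed in the patch, copied as posted.
PATCHED = re.compile(r"^[^ \t\n\r@<>().]+((.)?[^ \t\n\r@<>().]+)*$", re.I)

# Assumed alternative (not FormEncode's code): the dot is escaped and mandatory,
# so every character of the input can be consumed in exactly one way.
HARDENED = re.compile(r"^%s+(?:\.%s+)*$" % (ATOM, ATOM))


def accepts(pattern, local_part):
    """True if the pattern accepts the string as the local part of an address."""
    return pattern.match(local_part) is not None


def seconds_to_reject(pattern, n):
    """Time one failed match on n letters followed by '@' (constructed input)."""
    subject = "a" * n + "@"
    start = time.perf_counter()
    assert pattern.match(subject) is None
    return time.perf_counter() - start


if __name__ == "__main__":
    for sample in ["john.doe", ".john", "john.", "jo..hn", "a@b", "a b"]:
        print("%-10r patched=%-5s hardened=%s" % (
            sample, accepts(PATCHED, sample), accepts(HARDENED, sample)))
    # Keep n small: the patched pattern's work grows exponentially with n,
    # while the hardened pattern's work grows linearly.
    for n in (10, 12, 14, 16):
        print("n=%d patched=%.4fs hardened=%.6fs" % (
            n, seconds_to_reject(PATCHED, n), seconds_to_reject(HARDENED, n)))
```

Both patterns reject leading, trailing and doubled dots; only the patched one accepts "a@b" and "a b", and only its rejection time climbs steeply as letters are added.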