Click / CLK-778

EmailField Data Validation Is Insufficient

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 3.0.0
    • Component/s: extras
    • Labels:
      None

      Description

      In the Click Extras project, the current EmailField validation does not sufficiently limit user input to the format of an email address. As an example, I loaded the Avoka examples site and was able to successfully submit the following as an email address in the Extra Form Controls page:

      how.can@this@be@a@valid.email.address

      For my own use I have extended EmailField with the following additional validation logic:

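      import java.util.regex.Pattern;
      import org.apache.commons.lang.StringUtils; // assumed: Commons Lang StringUtils
      ...

      // Local part, exactly one '@', a domain, then a period and a 2-4 letter TLD.
      private static final Pattern EMAIL_ADDRESS_REGEX_PATTERN = Pattern.compile(
          "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$", Pattern.CASE_INSENSITIVE);
      ...

      @Override
      public void validate() {
          super.validate();
          String email = StringUtils.trimToEmpty(this.value);
          // Report an error only when a non-empty value does NOT match the pattern;
          // empty values are left to the required check in super.validate().
          if (email.length() > 0 && !EMAIL_ADDRESS_REGEX_PATTERN.matcher(email).matches()) {
              this.setErrorMessage("email-format-error");
          }
      }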

          Activity

          Naoki Takezoe added a comment -

          I think it should be fixed, but it might break backward compatibility.
          I can't judge whether we should do it.

          What do you think about it?

          Bob Schellink added a comment -

          The standard for email address syntax is called RFC2822:
          http://tools.ietf.org/html/rfc2822

          To implement it correctly is not easy:
          http://www.regular-expressions.info/email.html

          Here is an article providing a more realistic implementation with explanations of the tradeoffs:
          http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

          Click's email validation is very lenient. We could improve it slightly by ensuring only one '@' character and not more than two periods after the @ sign, or switch to a regular expression. My only concern with regex is: what if valid email addresses are not validated, which would break backward compatibility?

          We also need to keep in mind that we have both Java and JavaScript validation that needs to be kept in sync with each other.

          Naoki Takezoe added a comment -

          > if valid email addresses are not validated, which would break backward compatibility?

          Valid email addresses would also be valid under the new validation rule.
          So, in fact, I think this change would not have any effect on existing applications.
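
A side-by-side comparison of the two rules proposed in this thread, run over constructed sample addresses to show which inputs each rule would newly reject. This is an added example, not Click's code or any commenter's; the function names and the sample list are assumptions, and the pattern is the one from the description with its `+` quantifiers and escaped period restored.

```javascript
// Added example: all names here are hypothetical, not part of Click's API.
// Pattern source from the issue description (quantifiers restored).
const STRICT_SOURCE = "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$";
const STRICT = new RegExp(STRICT_SOURCE, "i");

// The lighter rule suggested in the comments: exactly one '@',
// non-empty text on both sides, at most two periods after the '@'.
function structuralCheck(value) {
  const parts = value.trim().split("@");
  if (parts.length !== 2 || parts[0] === "" || parts[1] === "") return false;
  const periods = parts[1].split(".").length - 1;
  return periods <= 2;
}

// The regular-expression rule from the issue description.
function regexCheck(value) {
  return STRICT.test(value.trim());
}

// Constructed sample addresses (not taken from any real system).
const SAMPLES = [
  "how.can@this@be@a@valid.email.address", // the input reported in this issue
  "user@example.com",
  "first.last+tag@mail.example.org",
  "user@example.museum",    // top-level domain longer than four letters
  "user@a.b.example.co.uk", // more than two periods after the '@'
  "user@localhost",         // no period in the domain
  "",
];

// One row per sample so the two rules can be read side by side.
function compareRules(samples) {
  return samples.map((s) => ({
    input: s,
    structural: structuralCheck(s),
    regex: regexCheck(s),
  }));
}

// Inputs the rules disagree on are where a rule change alters behaviour.
function disagreements(samples) {
  return compareRules(samples)
    .filter((row) => row.structural !== row.regex)
    .map((row) => row.input);
}

console.table(compareRules(SAMPLES));
```

The same pattern source string can be passed to `java.util.regex.Pattern.compile`, so the server-side and client-side checks can share one definition.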


            People

            • Assignee:
              Naoki Takezoe
              Reporter:
              Clint Lawrence