Click / CLK-778

EmailField Data Validation Is Insufficient

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 3.0.0
    • Component/s: extras
    • Labels: None

      Description

      In the Click Extras project, the current EmailField validation does not sufficiently limit user input to the format of an email address. As an example, I loaded the Avoka examples site and was able to successfully submit the following as an email address in the Extra Form Controls page:

      how.can@this@be@a@valid.email.address

      For my own use I have extended EmailField with the following additional validation logic:

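      // Requires java.util.regex.Pattern and Commons Lang StringUtils.
      // Accepts local@domain.tld where the top-level domain is 2-4 letters.
      private static final Pattern EMAIL_ADDRESS_REGEX_PATTERN = Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$", Pattern.CASE_INSENSITIVE);
      ...

      @Override
      public void validate() {
          super.validate();
          // Flag the field when the trimmed value does NOT match the pattern.
          if (!EMAIL_ADDRESS_REGEX_PATTERN.matcher(StringUtils.trimToEmpty(this.value)).matches()) {
              this.setErrorMessage("email-format-error");
          }
      }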
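
To make the backward-compatibility question raised in the comments concrete, the following added example (not code from the reporter or from Click) runs two candidate rules over a few sample addresses. It assumes the description's pattern was meant to carry `+` quantifiers and an escaped dot, which the issue tracker's markup appears to have dropped; `countingRule` is a hypothetical reading of the "only one '@' and not more than two periods" suggestion, and the class and method names are invented for illustration.

```java
import java.util.regex.Pattern;

public class EmailRuleComparison {

    // Pattern from the description, assuming the '+' quantifiers and the
    // escaped dot that the tracker's markup appears to have dropped.
    static final Pattern REGEX_RULE = Pattern.compile(
            "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,4}$",
            Pattern.CASE_INSENSITIVE);

    static boolean regexRule(String value) {
        return REGEX_RULE.matcher(value.trim()).matches();
    }

    // Hypothetical reading of the lighter rule from the comments: exactly one
    // '@', a non-empty local part and domain, at most two periods after '@'.
    static boolean countingRule(String value) {
        String v = value.trim();
        int at = v.indexOf('@');
        if (at <= 0 || at != v.lastIndexOf('@')) {
            return false;
        }
        String domain = v.substring(at + 1);
        long periods = domain.chars().filter(c -> c == '.').count();
        return !domain.isEmpty() && periods <= 2;
    }

    public static void main(String[] args) {
        // Constructed samples, except the first, which is from the report.
        String[] samples = {
            "how.can@this@be@a@valid.email.address",
            "user@example.com",
            "first.last+tag@mail.example.org",
            "curator@example.museum",   // top-level domain longer than 4 letters
            "o'brien@example.com",      // apostrophe is legal in a local part
            "user@a.b.c.example.com",   // more than two periods after '@'
        };
        System.out.printf("%-40s %-6s %-8s%n", "input", "regex", "counting");
        for (String s : samples) {
            System.out.printf("%-40s %-6b %-8b%n",
                    s, regexRule(s), countingRule(s));
        }
    }
}
```

The rows where the two columns disagree are the inputs a stricter rule would start rejecting or accepting. The same sample list can be run against the JavaScript validation to confirm both sides agree.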

        Issue Links

          Activity

          Adrian A. made changes -
          Link This issue incorporates CLK-774 [ CLK-774 ]
          Adrian A. made changes -
          Fix Version/s 3.0.0 [ 12315124 ]
          Naoki Takezoe added a comment -

          > if valid email addresses are not validated, which would break backward compatibility?

          Valid email addresses would also be valid under the new validation rule.
          So, in fact, I think this change would not have any effect on existing applications.

          Bob Schellink added a comment -

          The standard for email address syntax is called RFC2822:
          http://tools.ietf.org/html/rfc2822

          To implement it correctly is not easy:
          http://www.regular-expressions.info/email.html

          Here is an article providing a more realistic implementation with explanations of the tradeoffs:
          http://ex-parrot.com/~pdw/Mail-RFC822-Address.html

          Click's email validation is very lenient. We could improve it slightly by ensuring only one '@' character and not more than two periods after the @ sign, or switch to a regular expression. My only concern with regex is: what if valid email addresses are not validated, which would break backward compatibility?

          We also need to keep in mind that we have both Java and JavaScript validation that needs to be kept in sync with each other.

          Naoki Takezoe added a comment -

          I think it should be fixed, but it might break backward compatibility.
          I can't judge whether we should do it.

          What do you think about it?

          Naoki Takezoe made changes -
          Field Original Value New Value
          Assignee Naoki Takezoe [ takezoe ]
          Clint Lawrence created issue -

            People

            • Assignee: Naoki Takezoe
            • Reporter: Clint Lawrence
            • Votes: 0
            • Watchers: 1

              Dates

              • Created:
                Updated:
