me: i need to validate some email addresses, so i am going to write a quick regex.
-
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuck@nixCraft My experience tells me that if you have a problem and you solve it with regular expressions, you have two problems.
-
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuck -
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuckAt least the ancient demon is bound to serve you, and not eat you until it provides you with a perfect email parsing library, right?
-
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuck@nixCraft https://regex101.com/ is your friend, your very very good friend
-
@nixCraft Either you use something simple like
.*@.*\..*(at least an at-sign and a dot after it) and send an e-mail with an link or you will summon a debate war on if the complete e-mail standards should be followed or not.And, if you choose to follow the standards, I have to warn you (and I guess some people had warned you already) that most e-mail servers do not follow the standard (like Cloudflare).
On the other hand, I just sent a message from
"example+';DROP/**/TABLE/**/users;#"@gmail.comtoexample@some-domain-of-mineand it arrived. I hope you never need to deal with addresses like those.@qgustavor@urusai.social @nixCraft@mastodon.social you have successfully summoned a debate war by forgetting that user@localhost is a valid email, so is user@::1, and any other locally resolved name and ipv6 address. Just containing a @ is more than enough if you already try to send an email to it.
Seriously though, enforcing a dot in the domain is probably reasonable for most publicly accessible email servers. -
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuck@nixCraft Can the daemon validate things for you?
-
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuck@nixCraft now toss moving between BSD/macOS and GNU into the mix.
-
@meeper JavaScript you say? The same person covered that too. This one made me want to punch my computer.
-
@nixCraft I think this is the right page from the Necronomicon: (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
@StealthyTango and it needs to be typed in a demonic font, or it won't work.
-
-
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuck@nixCraft Everytime someone uses a regex to validate an email, god kills truckloads of kittens
Split on last @ ensuring the previous character is not itself an @
Check if the domain part resolves, make sure you allow for international domain names.
You can check if the localpart is well formed. IIRC this is not possible with regexes. You need a parser.
With a valid domain, sending an email is the only real way to verify if the address is actually valid. Well formed doesn't mean accepted.
-
me: i need to validate some email addresses, so i am going to write a quick regex. how hard can it be?
*4 hours later*
me. i now have 2 problems and one of them is that I've accidentally summoned an ancient daemon. wht the actual fuck@nixCraft Reminded of this old gem:
-
@qgustavor@urusai.social @nixCraft@mastodon.social you have successfully summoned a debate war by forgetting that user@localhost is a valid email, so is user@::1, and any other locally resolved name and ipv6 address. Just containing a @ is more than enough if you already try to send an email to it.
Seriously though, enforcing a dot in the domain is probably reasonable for most publicly accessible email servers. -
R relay@relay.infosec.exchange shared this topic
