[UA-discuss] Regular Expression

Jim Hague jim at sinodun.com
Thu Sep 14 15:44:47 UTC 2017


On 12/09/2017 19:44, Don Hollander wrote:
> One RegEx has stood out as being simple and correct.   I’d like the UASG
> to consider recommending this in our documentation.   Toward that end,
> this thread is for discussion.
> 
> /^.+@(?:[^.]+\.)+(?:[^.]{2,})$
> 
> Regular expression check in Javascript. This accepts any Unicode
> characters, only insisting that the domain must have more than one label
> and the TLD is 2 characters or longer. 

Note that this in the context of an in-browser check. I only examined a
small random subset of the sites surveyed in the main evaluation, and
obviously without access to server code could only examine client-side
operations. In all the sites I examined, the only check performed was
against one (or in one case two) regular expression(s). No decomposition
of the email address was attempted, and certainly no translation of the
domain to Punycode.

It was in that context that I highlighted the above regex, on the basis
that it's probably the only sensible option to suggest to organisations
as a low-impact UA improvement (I won't say fix) at the moment. If a
future evaluation exercise verifies that an existing Javascript module
does the right thing, that would be a better alternative, but that would
involve more substantial modifications to site code.

I agree that modifying it to allow 1 character TLDs would be sensible.

I also agree with the page referenced at the start of the thread (which
I read before working on the report) that just checking for '@' is about
all one should attempt, certainly client-side.

Turning again to the above regex, of course, being a proposed regex for
validating email addresses, it's got an obvious deficiency. It needs to
add support for other label separators (e.g. open dot).

Mark Svancarek raised the excellent point of bidi in the domain.
Personally I'm not confident I understand the bidi rules. But if the
regex requires at least one label separator character in the domain and
non-empty labels, will that work, given that if the regex allows 1
character TLDs then a valid TLD is simply a non-empty label?
-- 
Jim Hague - jim at sinodun.com          Never trust a computer you can't lift.


More information about the UA-discuss mailing list