I can understand incompetency preventing use of “+” in the username portion of an email address at a lot of corporate sites. Those folks are used to Exchange and they restrict to alphanumeric so that people don’t put spaces in. But when an open source project tells me “gr+theirsitename@…” is invalid? Okay, so I do expect it from sleazy domain-squatting ASP programmers who support an “Open” ID site with ads[1] , but this still really pisses me off whenever I encounter it.
Here’s openid.org crapping the bed:
Look folks, this is REALLY NOT HARD. If you’ve ever taken a computer science class above “HTML”, you can read the spec in RFC 2822. Here it is:
addr-spec = local-part "@" domain
local-part = dot-atom / quoted-string / obs-local-part
domain = dot-atom / domain-literal / obs-domain
domain-literal = [CFWS] "[" *([FWS] dcontent) [FWS] "]" [CFWS]
dcontent = dtext / quoted-pair
dtext = NO-WS-CTL / ; Non white space controls
%d33-90 / ; The rest of the US-ASCII
%d94-126 ; characters not including "[",
; "]", or "\"
Or, in plain English (as displayed on Wikipedia):
According to RFC 2822, the local-part of the address may use any of these ASCII characters:
- Uppercase and lowercase letters (case sensitive)
- The digits 0 through 9
- The characters ! # $ % & ‘ * + - / = ? ^ _ ` { | } ~
- The character . provided that it is not the first or last character in the local-part.
Additionally, RFC 2821 and RFC 2822 allow the local-part to be a quoted-string, as in “John Doe”@example.com, thus allowing characters in the local-part that would otherwise be prohibited. However, RFC 2821 warns: “a host that expects to receive mail SHOULD avoid defining mailboxes where the Local-part requires (or uses) the Quoted-string form”.
If your email validation doesn’t permit ALL of that (you’re allowed to refuse the quoted form, if you like; that’s fine by me too) then it is BROKEN.
And even if you think matching strings is hard, smart people already did the work for you. Please, give us a fucking break!
Post a Comment