I posted this as a comment on his blog, but thought it was interesting enought that others might want to know what is going on.
The IsValid() function uses the following regular expression to determine if the email is valid:
"^[a-zA-Z_0-9-'\+~]+(\.[a-zA-Z_0-9-'\+~]+)*@([a-zA-Z_0-9-]+\.)+[a-zA-Z]{2,7}$"
The CFMail tag uses the Sun Java class
javax.mail.internet.InternetAddress
parse() function. Since the implementation uses JavaMail, this is how we generate the InternetAddress objects that we pass in for the addresses (to, from, cc, etc).The "strict" attribute is turned on. The JavaDoc says of this:
"Parse the given sequence of addresses into InternetAddress objects. If strict is false, simple email addresses separated by spaces are also allowed. If strict is true, many (but not all) of the RFC822 syntax rules are enforced. In particular, even if strict is true, addresses composed of simple names (with no "@domain" part) are allowed. Such "illegal" addresses are not uncommon in real messages.
Non-strict parsing is typically used when parsing a list of mail addresses entered by a human. Strict parsing is typically used when parsing address headers in mail messages"
See the InternetAddress JavaDoc at http://java.sun.com/products/javamail/javadocs/javax/mail/internet/InternetAddress.html
In general I think that the more strict IsValid() behavior is a good thing, and importantly it matches the client side validators used for forms in the browser. This is what it is intended to do (match client and server behavior).
7 comments:
I am SOOOOO glad I found your page!!! Thank you!!!! This took care of a validation loop check for cc addys I was inserting in a cfmail tag.
Beautiful web page design, too, my compliments!!
I am using a similar code to check an email and depending on the domain of the email, I am updating certain criteria. The problem is that I am getting an error message when it is validating a domain with a hyphen. Any ideas on how i can resolve that?
cfif REFindNocase("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[Jones-Thomas]+(\.[a-z0-9-]+)*\.(([a-z]{2,3})|(aero|coop|info|museum|name))$", Email)>
query name="update" datasource="XXX">
update XXX set YYY = 1 where id = #getID.id#
/query>
It works great if the email domain is not hyphenated.
Keith,
You would need to add a "-" as one of the characters allowed by your regular expression.
I don't claim to be a RegEx expert, but I know there are lots of resources out there to help you.
Good to know the regular expression used by the IsValid() function so the client-side check can be consistent with the server-side! Nice blog in general too!
Tom,
I've built 2 regex expressions to use to validate a form based email address.
cfset APPLICATION.single_email_pattern = "^([0-9a-zA-Z]([-._+\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+(([a-zA-Z]{2,4})))$"
cfset APPLICATION.multiple_email_pattern = "^([0-9a-zA-Z]([-._+\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+(([a-zA-Z]{2,4})))*([,]\s*[0-9a-zA-Z]([-._+\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+(([a-zA-Z]{2,4})))*$"
Unfortunately, it isn't perfect and we finde people occasionally screwing up and submitting emails where they leave off the comma between emails (hence two @ @ signs with parts of the emails between them).
Any way that you can tell us where to find 2 things?
1) a good regex expression for client side validation of 1 (OR MORE) email addresses in 1 field
2) some good CF code that we can use as validation on the server side BEFORE calling the cfmail tag?
Our internal users find ways to submit invalid emails (structurally) on the client side that we don't always catch, and then the cfmail tag hiccups and sends us an email notice. If Sun/Java specifies formats for the cfmail tag to use, than can someone on your end create some code that will validate our form.fieldname before we use it in a cfmail call?
Thanks,
Ryan, hartwichr@hotmail.com
Ryan, did you get answers to your questions? I am very interested in the same thing for an app I'm working on, and it would really be helpful! Please let me know, carla.scepaniak@alacop.gov, thanks!!!!
Hey Tom, what did you use for the word verification image production for the blog?
Interesting discussion both for validating email addresses in general, as well as ColdFusion in particular. There is a small difference n the REGEX expression on this post and the REGEX expression Tom posted on Ben Nadel's blog.. The posting on Ben's blog omits underscore as a valid character in user names by using 'a-zA-Z0-9' instead of 'a-zA-Z_0-9'.
Use the one in this post.
Post a Comment