• (nodebb)

    On the open net, doing sanity checks on user typed material is OK, but should not be blocking, just asking for confirmation.

    Fex

    A valid email address can be just one letter, with the domain added by the first SMTP server.

    Domain length can be as short as three; a.cc .

    Few countries have substates, but I have had to receive a few packages over the years with Alabama in the address. AFAIR I have never been to Alabama.

    Phone area codes...

  • Ms2ger (unregistered)

    I think you misread the password check - it seems to require at least letters and numbers, but doesn't block other characters. Still not great, but at least not great in a pretty typical way.

  • (nodebb)

    I've seen enough websites that convert email addresses to uppercase as you're typing that it's simply not practical to have a case-sensitive mail server. Theory, meet practice.

  • Rob (unregistered)

    I guess "a1b2c3d4ef6g7" is a valid phone number, since they're only counting digits and ignoring every other character. I suppose that was done to remove spaces, slashes, dashes, etc.

  • (nodebb) in reply to HXO

    Domain length can be as short as three; a.cc .

    Fit the First: "a.cc" is four characters, not three.

    Fit the Second: it used to be possible, for ".uk"'s ccTLD administrators, to have public email addresses of the form "john@uk", where the domain part is only two characters. I've heard that this is no longer possible for those folks, but I see no reason to think that such an address wouldn't still work if a ccTLD wanted to make it possible. Good luck getting that through any c&n(1) web form validator's "you have a valid email address" check.

    (1) "cheap and nasty". They're all cheap, and as a result in almost all cases they are nasty code as well.

  • (nodebb)

    For phone numbers I much prefer https://en.wikipedia.org/wiki/E.123#:~:text=international%20notation (skip the spaces) for use internationally either in the DB or on phones. Have used the format since my first GSM 29 years ago.

    Addendum 2026-01-22 07:57: &%¤##%¤! missing linebreaks.

  • (nodebb) in reply to HXO

    Yeah, I prefer that one, too. Shame that lots of sites don't accept it. Well. Maybe. I haven't gone back recently and tried them again recently...

  • (nodebb)

    But please pay attention to the difference between E.123 and E123 (aka FD&C Red #2, aka "Amaranth").

  • (nodebb) in reply to Rob

    Either I need more caffeine or "a1b2c3d4ef6g7" has only six digits while the test is ">= 7"

  • (nodebb)

    Half the reason I read this site is to be entertained and the other half is to check if I'm doing something y'all would say WTF to.

    So I'm going to ask: what is cursed about

    return typeof v === "string" ? v.trim() : v;
    
  • (nodebb) in reply to HXO

    A valid email address can be just one letter, with the domain added by the first SMTP server

    Not really. Not if you are entering it on somebody else's web site so that they can send you emails. Their first SMTP server isn't going to be adding your domain to your email address that consists of just a name.

  • (nodebb) in reply to Steve_The_Cynic

    it used to be possible, for ".uk"'s ccTLD administrators, to have public email addresses of the form "john@uk", where the domain part is only two characters. I've heard that this is no longer possible for those folks, but I see no reason to think that such an address wouldn't still work if a ccTLD wanted to make it possible

    ICANN doesn't want them to, but they don't actually have that much control over the ccTLDs. At least as of a few years ago, 25 actually had an MX record, per the 12th section of https://www.netmeister.org/blog/email.html and so explicitly could get email, and several more had A records and so might be able to get email too.

  • (nodebb)

    Then they do a regex to validate the email address, which it's worth noting that email addresses shouldn't be validated by regexes

    No, that's XML that you shouldn't use regexes on. In fact, I would say it is perfectly fine to do a basic validation on an email address using a regex. The only validation you should be doing is that it has an @ sign and the bit after the @ is a well formed DNS name. None of this tells you it is a valid email address of course, but it will stop your SMTP server from rejecting your attempt to send an email to really check the address is valid.

  • (nodebb)

    A friend of mine once had the address n@ai. His name was Ian :-) For funsies, he also had the address !@ai.

  • holy shit now I'm actually commenting here... (unregistered) in reply to dpm

    I'm guessing it's not having to be sure that it's a string you're trying to trim, as opposed to a squirrel or a kitchen sink. If that's the kind of code base you're working in, yeah there are a few curses going around.

  • Darren (unregistered) in reply to jeremypnet

    With the sheer variety of TLDs now available, the only real check you can make on an email address is that it has an '@' sign and at least one character before and after it.

    You could, I suppose, do a DNS lookup on the domain to confirm it's got an MX record, but the only real way to confirm it's a real address is to send an email to it and get the user to confirm receipt.

  • Brian (unregistered) in reply to dpm

    It means that 1) you're not using a proper strongly-typed language, and thus 2) you've succumbed to the type-sloppiness that inevitably brings about, which means 3) your codebase is probably riddled with all sorts of weird bugs that arise from mismatched types.

  • xtal256 (unregistered) in reply to Brian

    You don't need a strongly-typed language for that. All that means is the type checking is done at compile time. You can still do a similar thing at runtime in (e.g.) JavaScript but you would do the check earlier and not mix it in with things like trimming a string. And by the looks of the yup documentation, that "yup.string()" they are calling does exactly that - ensuring the value is a string (i.e. if they wanted a number they should use "yup.number()").

  • Rob (unregistered) in reply to dpm

    Either I need more caffeine or "a1b2c3d4ef6g7" has only six digits while the test is ">= 7"

    I missed the 5 between e and f...
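The phone check discussed in this thread (drop every non-digit, then count) next to a stricter one that stores E.123 international notation without the spaces. This is an added example, not code from the article or from any commenter; the function names are hypothetical, the sample numbers are constructed, and it assumes only international numbers are accepted.

```javascript
// Added example; names are hypothetical and sample inputs are constructed.

// Behaviour described in the thread: strip everything that is not a digit,
// then require at least 7 digits. Letters are silently thrown away.
function digitCountOnly(input) {
  return String(input).replace(/\D/g, "").length >= 7;
}

// Stricter variant: refuse unexpected characters instead of stripping them,
// then normalise to "+<digits>" (E.123 international notation, spaces removed).
function toInternational(input) {
  const raw = String(input).trim();

  // Allow one leading '+', digits, and the separators people really type.
  if (!/^\+?[\d\s().\/-]+$/.test(raw)) return null;

  // Assumption: without a leading '+' the country is unknown, so the caller
  // should ask the user for it rather than guess.
  if (!raw.startsWith("+")) return null;

  const digits = raw.replace(/\D/g, "");
  // 7 is the threshold quoted in the thread; 15 is the E.164 maximum.
  if (digits.length < 7 || digits.length > 15) return null;

  return "+" + digits;
}
```

A `null` result is a prompt to ask the user again, not proof that the number does not exist.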

  • l11o6 (unregistered)

    That will likely work most of the time, but while the domain portion of an email address is case insensitive, the address part of it is not- [email protected] and [email protected] could be different addresses.

    To be fair, if your email server does apply this then you really should expect emails to be dropped.

  • My name goes here (unregistered) in reply to Brian

    You're making a billion assumptions to basically correlate weakly-typed languages with crappy code. This is just your personal bias talking. While it's obviously true that a strongly-typed language will prevent a coder from making ONE class of stupid mistakes, it says nothing of the capability of the developers themselves, and therefore neither does it of the quality of the code.

    It's already been said that a crappy dev will write crappy code in any language. Your beloved Java isn't immune.

  • 516052 (unregistered) in reply to My name goes here

    Whilst that is true in principle and I am all for supporting more flexible tools at the expense of guard rails there does indeed appear to be a significant correlation between not just bad code but bad developers and weakly typed languages.

    I think it has to do with the fact they are often aimed at web design spits or amateurs bashing together scripts like python rather than real development and thus attract the sort of people who really should not be in our trade. The sort that find the idea of having to think about types scary and can't wrap their head around the difference between int and float.

  • (nodebb) in reply to jeremypnet

    Not really. Not if you are entering it on somebody else's web site so that they can send you emails. Their first SMTP server isn't going to be adding your domain to your email address that consists of just a name.

    Entering your email address in a web form is not the same thing as sending mail through your mail provider's SMTP. A web form would be using a foreign SMTP to send mail to you, and thus wouldn't be expect to know what domain to add.

    Addendum 2026-01-23 09:27: *wouldn't be expected

  • Darren Embry (unregistered) in reply to dpm

    The only "curse" I can think of regarding the string trimming is in the (rare) event a "new String()" instead of a string primitive finds its way into your runtime, typeof will return "object". The following modification handles both scenarios:

    return v?.constructor === String ? v.trim() : v;

  • Darren Embry (unregistered) in reply to jeremypnet

    The WHATWG HTML standard specifies a 135-character regular expression that every browser uses to validate an <input type="email">. IMO it's generally best to just align your applications with that so you don't have a "valid here but invalid there" situation.
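The minimal email check that several comments in this thread converge on: an '@' with something on each side, a well-formed DNS name after it, a confirmation prompt instead of a hard block for unusual input, and no case-folding of the local part. This is an added example, not code from the article, from yup, or the WHATWG regular expression; `checkEmail` and its result shape are hypothetical.

```javascript
// Added example. checkEmail and its result shape are hypothetical,
// not taken from the article, from yup, or from the WHATWG standard.

// One DNS label: letters, digits, inner hyphens, 1 to 63 characters.
const DNS_LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;

function checkEmail(input) {
  const fail = (reason) => ({ ok: false, reason, warnings: [], normalized: null });
  if (typeof input !== "string") return fail("not a string");

  const value = input.trim();
  // Split on the LAST '@': a quoted local part may itself contain '@'.
  const at = value.lastIndexOf("@");
  if (at < 1 || at === value.length - 1) {
    return fail("need at least one character on each side of '@'");
  }

  const local = value.slice(0, at);
  const domain = value.slice(at + 1);
  const labels = domain.split(".");
  if (domain.length > 253 || !labels.every((l) => DNS_LABEL.test(l))) {
    return fail("domain is not a well-formed DNS name");
  }

  // Unusual but legal input: ask the user to confirm instead of refusing.
  const warnings = [];
  if (labels.length === 1) {
    warnings.push("domain has no dot (for example n@ai); please confirm");
  }

  // Only the domain is case-insensitive; the local part is kept as typed.
  return {
    ok: true,
    reason: null,
    warnings,
    normalized: local + "@" + domain.toLowerCase(),
  };
}
```

Passing this check only means the address is worth attempting; delivery of a confirmation message is still the real test.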
