mail] PHP/shell script]
    Gerald Combs 
    gerald at ethereal.com
       
    Fri Aug 15 21:42:27 CDT 2003
    
    
  
On Fri, 15 Aug 2003, Dave Hull wrote:
> On 15 Aug 2003, brad wrote:
> 
> > > 2) parse the data out stripping all character except the ones you
> > > want to allow.
> 
> This approach is widely considered the "best practice." For email addresses 
> you're probably looking at the following set of characters [0-9A-z_.@] of 
> course, there could be others.
> 
> The point is, it's much easier to allow in what you know is acceptable and 
> forbid everything else than it is to come up with a list of all possible 
> nefarious combinations and allow everything else.

According to RFC 2822 (and 822 before it), 
  "I'm amazed; lots can go here!!!~`!@#$%^&*()_+=-.,<>:][{}"@[10.1.1.1]
is a valid email address.  Kinda hard to parse or apply simple regexps to.
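
Added example (not part of the original post or thread): a Python comparison of the character class quoted above with a tighter allowlist. The STRICT pattern, the function names and the constructed sample addresses are assumptions of this example. It shows that the range A-z also matches the six ASCII characters between 'Z' and 'a', and that both allowlists reject the RFC 2822 address from the reply, which is the trade-off an allowlist accepts.

```python
import re

# Character class exactly as written in the quoted reply. In ASCII the range
# A-z (0x41-0x7A) also spans the six characters between 'Z' and 'a'.
QUOTED_CLASS = re.compile(r"[0-9A-z_.@]+")

# Tighter allowlist (an assumption of this example, not from the thread):
# alphanumerics plus . _ + - in the local part, exactly one @, dotted hostname.
# It rejects some RFC 2822-valid addresses by design.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
STRICT = re.compile(
    r"[A-Za-z0-9](?:[A-Za-z0-9._+-]{0,62}[A-Za-z0-9])?"
    r"@" + LABEL + r"(?:\." + LABEL + r")+"
)

# The RFC 2822 address quoted in the reply above.
RFC_EXAMPLE = '"I\'m amazed; lots can go here!!!~`!@#$%^&*()_+=-.,<>:][{}"@[10.1.1.1]'

# Constructed sample inputs for illustration.
SAMPLES = [
    "user@example.com",
    "first.last+tag@mail.example.org",
    "user`id`@example.com",
    RFC_EXAMPLE,
]


def extra_chars_in_A_to_z():
    """Non-alphanumeric ASCII characters matched by the range A-z."""
    return "".join(
        c for c in map(chr, range(128))
        if re.fullmatch(r"[A-z]", c) and not c.isalnum()
    )


def classify(addr):
    """Report which allowlist accepts the whole string (fullmatch, no partial hits)."""
    return {
        "quoted_class": QUOTED_CLASS.fullmatch(addr) is not None,
        "strict": STRICT.fullmatch(addr) is not None,
    }


if __name__ == "__main__":
    print("A-z also matches:", extra_chars_in_A_to_z())
    for addr in SAMPLES:
        print(classify(addr), addr)
```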
    
    