Hacker News new | past | comments | ask | show | jobs | submit login
Validator.js: the almost missing javascript validator for Node and the browser (validatorjs.org)
10 points by guillaumepotier on June 5, 2013 | hide | past | web | favorite | 5 comments

It validates emails with a regex. I'm not sure how many times it's been discussed that you shouldn't validate emails with a regex, but please stop validating emails with a regex.

Source: https://github.com/guillaumepotier/validator.js/blob/master/...

http://davidcel.is/blog/2012/09/06/stop-validating-email-add... http://stackoverflow.com/a/202528/744180 (others, just Google)

A dang long one at that! I'm sure the author just copied and pasted it someone. It looks like it's not that great: http://tinyurl.com/emailregextest

Maybe we can find a better simple solution they can use? If they don't have that feature many people will be frustrated.

Just as a reminder, if you are sending email verifications out anyway, there is no point in validating email addresses manually.

Right. But not including it will inexorably lead to new Issue or PR to add it. Not sure it is validatorjs's role to educate users in their validation, just providing best as possible tools to do it right, no ?

I guess it depends on one's perspective. You are probably right that someone will send a pull request to add it if it's not there, but I think authors of tools should always do their best to encourage users to do things correctly, especially issues like this which can easily be found without even knowing it's an issue (Google-ing "Email Regular Expression" brings up results for me on the first page recommending it's not a good idea)

Certainly when it comes to security, authors should do their best to ensure users of the tool are educated, when there's a security issue with any large software product, particularly open source, that's mostly down to poor configuration or ill-informed users, the authors are instantly criticized, but I think it should be the same for any general features in a tool that targets a specific functionality. This particular "best practice" is quite easy to find, and the tool is very specifically targeted towards validation, yet has something that's against best practice and could potentially cause frustration for people who use this tool, and people who use the stuff created using this tool.

I wrote a similar library last year, called kommissar. The code is running in production in several node.js apps.

If somebody is interested in the code, you can have a look at the github project.


Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact