Email validation using regex

I believe using regular expression is a very bad idea for validating an email address. The main issue seems to stem from the fact that regex is primitive tool to validate the complexity in email grammar, as specified in RFC 5322.

Recently I tried registering for an account at the RTA mobile site at http://www.mpark.rta.ae, all went fine except for the fact that my valid email account which I have been using since 2006 is not recognized as a valid one.

RTA Registration Form

I tried to find out the mechanism they are using to validate the mail, and as expected it was based on a regular expression located as part of their script repo. The script we are interested is located in a JavaScript function called isValidEmail which goes in the following way:

1
2
3
4
5
function isValidEmail(str) {
   //var re=/^.+@.+..+$/;
   var re=/^w+([.-]?w+)*@w+([.-]?w+)*(.w{2,3})+$/;
   return re.test(str);
}

As it is visible from the above code the regex used will not validate my 4 letter TLD. This is a bad practice and if you are a client facing website, it will sure put off potential clients.

For the RTA site, I simply set a break-point on the return statement and reassigned the variable re to /./, this allowed me to bypass that validation and proceed with the registration.

comments powered by Disqus