Any time you’re turning a string of input into something else, what you are doing is parsing.
Even if the word “parser” never appears in your code, the act of interpreting a string as structured data is parsing, and the code that does parsing is a parser.
Programmers write parsers quite a lot, and many of the parsers they write are ad-hoc, ill-specified, bug-ridden, and can’t tell you why your input didn’t parse right.
Writing a parser without realizing you’re writing a parser, usually leads to writing a bad parser. Bad parsers do things like accepting malformed input that causes security holes. When bad parsers do reject malformed input, they rarely emit useful error messages about why it’s malformed. Bad parsers are often written using regex and duct tape.
Try not to write bad parsers. If you need to parse something, consider writing a grammar and using a parser library. (If you’re very ambitious, try a parser combinator library.) But at least try to recall something about parsers you learned once way back in a CS class, before throwing regex at the problem and calling it a day.
(And now the word “parser” no longer makes sense, because of semantic satiation.)
By the way, please don’t write regex to try to validate email addresses. Seriously. There are libraries for that; some of them are even good. When people write their own regex to match email addresses, they do things like forget that the hyphen is a valid character in domain names.
Which ones? In RFC 5322 every address contains an addr-spec at some point, which in turn must include an @. RFC 6854 does not seem to change this. Or did I misread something?
Remember, we’re taking about regular expressions here so .+ means “a sequence of one or more arbitrary characters”. It does not imply that an actual dot is present.
Any time you’re turning a string of input into something else, what you are doing is parsing.
Even if the word “parser” never appears in your code, the act of interpreting a string as structured data is parsing, and the code that does parsing is a parser.
Programmers write parsers quite a lot, and many of the parsers they write are ad-hoc, ill-specified, bug-ridden, and can’t tell you why your input didn’t parse right.
Writing a parser without realizing you’re writing a parser, usually leads to writing a bad parser. Bad parsers do things like accepting malformed input that causes security holes. When bad parsers do reject malformed input, they rarely emit useful error messages about why it’s malformed. Bad parsers are often written using regex and duct tape.
Try not to write bad parsers. If you need to parse something, consider writing a grammar and using a parser library. (If you’re very ambitious, try a parser combinator library.) But at least try to recall something about parsers you learned once way back in a CS class, before throwing regex at the problem and calling it a day.
(And now the word “parser” no longer makes sense, because of semantic satiation.)
By the way, please don’t write regex to try to validate email addresses. Seriously. There are libraries for that; some of them are even good. When people write their own regex to match email addresses, they do things like forget that the hyphen is a valid character in domain names.
Amen.
Spoiler alert: Few of them are good, and those few are so simple that you might as well not use a library.
The only way to correctly validate an email address is to send a message to it, and verify that it arrived.
You can use a regex to do basic validation. That regex is
.+@.+
. Anything beyond that is a waste of time.There are also cases where you want to have a disallow list of known bad email providers. That’s also part of the parsing and validating.
It’s a valid need, but a domain blacklist isn’t part of email parsing and if you conflate the two inside your program then you’re mixing concerns.
Why is the domain blacklist even in your program? It should be a user configurable file or a list of domains in the database.
You are right in that it isn’t (or shouldn’t be) part of the parsing, but the program has to check the blacklist even if it’s in a database.
That rejects valid emails
Which ones? In RFC 5322 every address contains an addr-spec at some point, which in turn must include an @. RFC 6854 does not seem to change this. Or did I misread something?
EDIT: I’M DUMB I THOUGHT YOU MEANT A LITERAL “.” , that regex is indeed correct.
Original:
This is a valid address:
user.name@[IPv6:2001:db8:1ff::a0b:dbd0]
Relevant spec: https://www.rfc-editor.org/rfc/rfc5321#section-4.1.3
And you all doubted me… :P
Edit: Wait, I also don’t think local-part even needs a “.” in it? user@domain.com should be valid as well.
And it’s matched by
.+@.+
as it contains an @.Remember, we’re taking about regular expressions here so
.+
means “a sequence of one or more arbitrary characters”. It does not imply that an actual dot is present.(And I overlooked the edit. Oops.)