Email Regex

[pyrossh]

Using

 /^[-a-z0-9~!$%^&*_=+}{\'?]+(\.[-a-z0-9~!$%^&*_=+}{\'?]+)*@([a-z0-9_][-a-z0-9_]*(\.[-a-z0-9_]+)*\.(aero|arpa|biz|com|coop|edu|gov|info|int|mil|museum|name|net|org|pro|travel|mobi|[a-z][a-z])|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(:[0-9]{1,5})?$/i

[kumarharsh]

That OWASP is incredibly bad! That's surprising, given the reason they exist!

Have a look at Angular's email validation regex, which is itself ported from chromium's regex, which is what w3c recommends:

/^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/

REF: angular/angular.js#5899

[kumarharsh]

I think the current PR using the emailregex.com regex is better, as it doesn't allow invalid email addresses like:
..test@example.com

The w3c regex lets the one above pass, the person inputting that bad email is then responsible to actually "verify" his email, or something equivalent.

On a related note, this one is valid, but I don't think a web service would need this... a custom implementation might though:
test@example

In the end, we have to decide: what's the purpose of themis? To serve the web, or be more general purpose?