Quick and simple bug in the emails. It appears that you can set a invalid email address while registering or editing by just adding a @ in the field, and its accepted.
henrywright last edited by
@Kowlin just a side note, I always make sure I require email verification which seems to stop spoof email addresses at the point of registration.
We purposefully err on the side of accepting emails because running a regular expression to validate emails is ridiculously hard:
But atleast one thing is consistent, emails will always have a
.in them. Might be more helpful to do that then just
@to have a bigger safeguard to human failur.
The idea is that rejecting emails outright serves no purpose besides being an annoying roadblock for a user upon registration.
If someone wants to put in a garbage email, they'll figure out a way, and on the other hand, throwing errors on legit signups increases barrier to entry.
As above, best way to validate is to force email validation.