Martin Gregorie wrote:
>> That’s fundamentally the wrong approach. Instead, use an appropriate
>> quoting/escaping scheme. See
>> https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
>> for many examples.
>>
> Interesting stuff, but it's all HTML and JS-related - nothing much there I
> can use outside that environment.
>
> I'm dealing with bog standard e-mails which can have been sent from
> almost any hardware using almost any software and at the immediate point
> of interest, are being passed between processes written in Python, C
> and bash. My immediate concern is to sanitise sender addresses being
> passed through a bash script, which is the only piece of the puzzle
> written by myself, apart, of course, from the sanitiser.
>
I've been reading this for some time now and I really do not understand this
hassle.
I think I even read somewhere a few years ago when studying all types of
online registration and verification mechanics, that a mail address was not
meant to be checked on the client side for validity. Just let the SMTP do
this for you and handle the result. This was confirmed by experts in the
field AFAIR (18mil mail addresses and > 200 domains) when I was involved in
a DMARC roll out there.
In case of internal/external address let the SMTP do this for you - use the
configuration to handle all those issues.
I would rather accept the mail and let it be delivered. If it can not be
delivered, it will return anyway.
Use your local SMTP to handle local domains and add rewrite rules there for
the external domains. Anything else is dropped. It's so simple.
If you need something like those "create account" templates, it is usually
handled by a verification link. Well there are those sites who give you
temporary mail address, but they are usually filtered (by precedence the
least).
And also what do you mean by sanitize?!
And last but not least - there is nothing greater than perl for working with
regex.
But as it was already mentioned things changed over the years - you can have
UTF/unicode and most of the examples are not working, however I guess
people took care of that already
(https://learn.perl.org/examples/email_valid.html)
And if you need it fast you can embed
https://stackoverflow.com/questions/1616217/using-perl-with-compiled-c-library
--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
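The thread's practical question is how a sender address can be passed through a bash script without it escaping its role as data. The following is an added example, not code from any poster: it does not try to decide validity (the MTA does that), it only rejects the characters that would let the value inject headers or be misread as an option, and it shows the consumer quoting the value as a single argument. The `forward_sender` consumer and its `printf` stand-in for the real delivery command are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Treat a sender address as opaque data:
# no validity check here, only a guard against the bytes that would let the
# value break out of "one argument, one header value" when handed on.

# Returns 0 if the address is safe to pass along as a single argument,
# 1 otherwise. Requires exactly one '@' with a non-empty local part and
# domain; does not attempt RFC 5322 validation.
safe_sender() {
    addr=$1
    [ -n "$addr" ] || return 1               # empty
    [ "${#addr}" -le 254 ] || return 1       # overlong
    case $addr in
        *[[:cntrl:]]*) return 1 ;;           # CR/LF/TAB/NUL: header injection
        *[[:space:]]*) return 1 ;;           # spaces would split into words
        -*) return 1 ;;                      # would be read as an option
        *@*@*) return 1 ;;                   # more than one '@'
        ?*@?*) ;;                            # local part and domain present
        *) return 1 ;;
    esac
    return 0
}

# Assumed consumer: the address reaches the next tool as ONE quoted argument,
# after '--', never via eval or an unquoted expansion. printf stands in for
# the real delivery command in this example.
forward_sender() {
    safe_sender "$1" || { printf 'rejected sender\n' >&2; return 1; }
    printf 'SENDER=<%s>\n' -- "$1" >/dev/null   # '--' shown for the pattern
    printf 'SENDER=<%s>\n' "$1"
}
```

Because the check is structural only, an address the MTA later bounces still passes; that is the point of the thread's advice to let SMTP decide deliverability.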