Why does HTML5 form-validation allow emails without a dot?

128
votes

I'm writing a very simple mock-up to demonstrate some HTML5 form-validation. However, I noticed the email validation doesn't check for a dot in the address, nor does it check for characters following said dot.

In other words, "john@doe" is considered valid, when it's clearly not a valid email address; "doe" isn't a domain.

This is how I'm coding my email field:

<input type="email" required />

Is that not enough?

Check this fiddle to see what I mean.

Note: I know how to accomplish this via a RegEx pattern instead. I'm just wondering how someone could get away with using the email type instead.

8
htmlemail-validation
@Katana314 - heh, yup. Most (well-configured) mailservers will reject messages being sent to addresses that don't match an expected domain, so generally speaking there isn't an issue with localhost addresses.admdrew
possible duplicate of How does HTML5 input type email works without top level domain nameLéo Lam

8 Answers

102
votes

Because a@b is a valid email address (eg localhost is a valid domain). See http://en.wikipedia.org/wiki/Email_address#Examples

Also, keep in mind that you should always do the input validation in server. The client side validation should be only for giving feedback to the user and not be relied on, since it can be easily bypassed.

143
votes

You can theoretically have an address without a "." in.

Since technically things such as:

user@com
user@localserver
user@[IPv6:2001:db8::1]

Are all valid emails.

So the standard HTML5 validation allows for all valid E-mails, including the uncommon ones.

For some easy to read explanations (Instead of reading through the standards): http://en.wikipedia.org/wiki/Email_address#Examples

34
votes

Try adding this to the input

pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,63}$"

Fiddle

15
votes

The RFC 822, chapter 6, gives the specification of an address in augmented Backus-Naur Form (BNF):

addr-spec   =  local-part "@" domain
local-part  =  word *("." word)
domain      =  sub-domain *("." sub-domain)

Using this specification a@b is a valid address.

UPDATE

To answer the comment of Trejkaz, I add the following definitions. We see that SPACE are allowed but only in quoted string.

word          =  atom / quoted-string
atom          =  1*<any CHAR except specials, SPACE and CTLs>
quoted-string = <"> *(qtext/quoted-pair) <">
SPACE         =  <ASCII SP, space>
CTL           =  <any ASCII control character and DEL> 
qtext         =  <any CHAR excepting <">, "\" & CR, and including linear-white-space>
quoted-pair   =  "\" CHAR
9
votes

On this MDN page it shows the regex browsers should use to validate the email:

https://developer.mozilla.org/en-US/docs/Web/HTML/Element/input/email#Validation

You can slightly change this regex to require at least one dot in the domain name: change the star * at the end of the regex to a plus +. Then use that regex as the pattern attribute:

<input type="email" pattern="^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)+$"></input>
3
votes

You can customize the pattern of the email field:

input:valid {
  border-color: green
}

input:invalid {
  border-color: red
}
Email:
<input type="email" required value="a@b.c" /><br>

Non-dots Email:
<input type="email" required pattern="[^.]+@[^.]+" value="a@b.c" />
3
votes

Here is how you can do it with html5 using regex pattern. You can also include a custom message to display.

<form>
  <input type="email" value="paul@test" required pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,63}$" title="Hey, you are missing domain part in the email !!!"/>
  <button type="submit">Click Me</button>
</form>
-5
votes

This pattern always works for me.

Text must in lowercase pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$" but I think it covers more or less most emails.