PDA

View Full Version : Checking top level domains



Blake
02-28-2007, 02:43 PM
In my efforts to make a almost foolproof email address validation script for my contact form, I've added a complete list of top level domains. The email address is now checked to see if it has a valid top level domain. I store all the tld's in an array, and when the form is submitted, I search through it to see if the tld on the users email address is in the list. If the tld is not found, it tells the user to enter a valid email address.

I'm just wondering if this is a bad idea. New tld's can be created, and there are a lot of them (although any computer capable of accessing the internet should be able to do the search almost instantly, I think)

Any thoughts? Has anyone tried this before?

Here's the scripts:




var emailErMsg = "Please enter a valid email address.";
var subErMsg = "Please enter a message subject.";
var msgErMsg = "Please enter a message.";
var tlds = new Array (".aero",".biz",".cat",".com",".coop",".edu",".gov",".info",".int",".jobs",".mil",".mobi",".museum",".name",".net",".org",".pro",".travel",
".ac",".ad ",".ae",".af",".ag",".ai",".al",".am",".an",".ao",".aq",".ar",".as",".at",".au",".aw",".ax",".az",".ba",".bb",".bd",".be",".bf",".bg",
".bh", ".bi", ".bj", ".bm", ".bn", ".bo", ".br",".bs",".bt",".bv",".bw",".by",".bz",".ca" ,".cc" ,".cd",".cf",".cg",".ch",".ci",".ck",".cl",".cm",
".cn",".co",".cr",".cu",".cv",".cx",".cy",".cz",".de",".dj",".dk" ,".dm",".do",".dz",".ec",".ee",".eg",".er",".es",".et",".eu",".fi",".fj",".fk",
".fm",".fo",".fr",".ga",".gb",".gd",".ge",".gf",".gg",".gh",".gi",".gl",".gm",".gn",".gp",".gq",".gr",".gs",".gt",".gu",".gw",".gy",".hk",".hm",
".hn",".hr",".ht",".hu",".id",".ie",".il",".im",".in",".io",".iq",".ir",".is",".it",".je",".jm",".jo",".jp",".ke",".kg",".kh",".ki",".km" ,".kn",
".kr",".kw",".ky" ,".kz",".la",".lb",".lc",".li",".lk",".lr",".ls",".lt",".lu",".lv",".ly",".ma",".mc",".md",".mg",".mh",".mk",".ml",".mm",".mn",
".mo",".mp",".mq",".mr",".ms",".mt",".mu",".mv",".mw",".mx",".my",".mz",".na",".nc",".ne",".nf",".ng",".ni",".nl",".no",".np",".nr",".nu",".nz",
".om",".pa",".pe",".pf",".pg",".ph",".pk",".pl",".pm",".pn",".pr",".ps",".pt",".pw",".py",".qa" ,".re" ,".ro",".ru",".rw",".sa",".sb",".sc",".sd",
".se",".sg",".sh",".si",".sj",".sk",".sl",".sm",".sn",".so",".sr",".st",".su",".sv",".sy",".sz",".tc",".td",".tf",".tg",".th",".tj",".tk",".tl",
".tm",".tn",".to",".tp",".tr",".tt",".tv",".tw",".tz",".ua",".ug",".uk",".um",".us",".uy",".uz",".va" ,".vc",".ve",".vg",".vi",".vn",".vu",".wf",
".ws",".ye",".yt",".yu" ,".za",".zm",".zw");

function isWhitespace(str) // check if a string contains only whitespace
{
for (var i=0; i<str.length; i++)
{
if (str.charAt(i) != " ") return false;
}
return true;
}

function validate(form_h)
{
var email = form_h.email.value;
var sub = form_h.subject.value;
var msg = form_h.message.value;

var atPos = email.indexOf("@");
if (atPos <= 0)
{
form_h.email.focus();
alert(emailErMsg);
return false;
}
var dotPos = email.lastIndexOf(".");
var tld = email.substr(dotPos);

if (dotPos == -1 || dotPos <= atPos + 1 || tld.length < 3)
{
form_h.email.focus();
alert(emailErMsg);
return false;
}

var i;
for (i=0; i<tlds.length && tld != tlds[i]; i++) {}
if (i == tlds.length)
{
form_h.email.focus();
alert(emailErMsg);
return false;
}

if (isWhitespace(sub))
{
form_h.subject.focus();
alert(subErMsg);
return false;
}

if (isWhitespace(msg))
{
form_h.message.focus();
alert(msgErMsg);
return false;
}

return true;
}

Twey
02-28-2007, 04:38 PM
Don't do this.

Do some basic client-side validation if you like (check for an @ sign and possibly a dot somewhere after it), but leave it to the server to do the final, conclusive validation.

Blake
02-28-2007, 04:56 PM
So I should do some basic validation client side, and if that passes, then use the server to check the top level domain?

Thanks

Twey
02-28-2007, 05:05 PM
Not just the top level domain, but the whole address.

I don't know what your server-side setup is, but most SMTP libraries contain some basic validation functions (PHP's mail() will return false if the sending of the message fails, for example; the only reasons this will happen is the email string is badly formatted, the specified domain doesn't exist, or the server's internet connection is down. The latter is unlikely [considering that we've just served a page from it], and the former two can be grouped into a single "invalid email address" error).