Le 2012-08-23 09:44, A.L.E.C a écrit :
But you know, Roundcube
uses javascript very extensively. So, disabled/altered/bypased or whatever would break Roundcube functionality at all, not only address validation ;)
Yes, I'm aware of that. But using tools like "developper toolbar" or "Firebug" firefox extensions, you can always manipulate data before sending to roundcube server-side php to bypass, by exemple, a javascript validation.
Don't know how it is in roundcube, but I
think that mail address validation can take place client-side in javascript for better user experience but should also be done server-side in php, ensuring outgoing mail from roundcube are at least syntaxically correct (and limiting XSS vulnerability risks).
And
that's how it's implemented in Roundcube ;)
ok, cool.
regards,
S.B.