On 2012-08-23 09:44, A.L.E.C wrote:

But you know, Roundcube uses JavaScript very extensively. So, disabled/altered/bypassed or whatever would break Roundcube functionality at all, not only address validation ;)

Yes, I'm aware of that. But using tools like the "developer toolbar" or "Firebug" Firefox extensions, you can always manipulate data before sending it to the Roundcube server-side PHP to bypass, for example, a JavaScript validation.

Don't know how it is in Roundcube, but I think that mail address validation can take place client-side in JavaScript for better user experience but should also be done server-side in PHP, ensuring outgoing mail from Roundcube is at least syntactically correct (and limiting XSS vulnerability risks).
And that's how it's implemented in Roundcube ;)

ok, cool.

regards,

S.B.
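
The point made in this thread (client-side checks help the user, the server must validate again), shown as an added PHP example that is not Roundcube's code. The function names and the sample input are constructed for illustration, and the field is assumed to hold bare addresses separated by commas, without display names or quoted local parts.

```php
<?php
// Added illustration, not Roundcube code; function names are hypothetical.

// Re-validate a comma-separated recipient field on the server, exactly as
// received, regardless of what the browser-side JavaScript checked.
function validate_recipients(string $raw): array
{
    $valid = [];
    $rejected = [];
    foreach (explode(',', $raw) as $candidate) {
        $addr = trim($candidate);
        if ($addr === '') {
            continue; // ignore empty items such as a trailing comma
        }
        // Refuse control characters explicitly, then check the syntax.
        if (preg_match('/[\x00-\x1F\x7F]/', $addr) === 1
            || filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
            $rejected[] = $addr;
        } else {
            $valid[] = $addr;
        }
    }
    return ['valid' => $valid, 'rejected' => $rejected];
}

// Rejected input is untrusted: encode it before echoing it into HTML.
function render_rejected(array $rejected): string
{
    $items = '';
    foreach ($rejected as $addr) {
        $items .= '<li>' . htmlspecialchars($addr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</li>\n";
    }
    return $items === '' ? '' : "<ul class=\"error\">\n" . $items . "</ul>\n";
}

// Constructed sample: a field edited in the browser after the JS check ran.
$field = 'alice@example.org, bob@@example.org, <b>carol</b>@example.org,';
$result = validate_recipients($field);

echo 'Accepted: ' . implode(', ', $result['valid']) . "\n";
echo render_rejected($result['rejected']);
```

Only the accepted list would be handed to the mail-sending code; the rejected entries reach the page solely through `htmlspecialchars`, so markup typed into the field is displayed as text rather than interpreted.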