Email Address Validation for ASP.NET

Question

What do you use to validate an email address on a ASP.NET form. I want to make sure that it contains no XSS exploits.

This is ASP.NET 1.1

Answer 1

Any script tags posted on an ASP.NET web form will cause your site to throw and unhandled exception.

You can use a asp regex validator to confirm input, just ensure you wrap your code behind method with a if(IsValid) clause in case your javascript is bypassed. If your client javascript is bypassed and script tags are posted to your asp.net form, asp.net will throw a unhandled exception.

You can use something like:

<asp:RegularExpressionValidator ID="regexEmailValid" runat="server" ValidationExpression="\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*" ControlToValidate="tbEmail" ErrorMessage="Invalid Email Format"></asp:RegularExpressionValidator> 

Answer 2

Here is a basic email validator I just created based on Simon Johnson's idea. It just needs the extra functionality of DNS lookup being added if it is required.

using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Web.UI.WebControls; using System.Text.RegularExpressions; using System.Web.UI;  namespace CompanyName.Library.Web.Controls {     [ToolboxData("<{0}:EmailValidator runat=server></{0}:EmailValidator>")]     public class EmailValidator : BaseValidator     {          protected override bool EvaluateIsValid()         {             string val = this.GetControlValidationValue(this.ControlToValidate);             string pattern = @"^[a-z][a-z|0-9|]*([_][a-z|0-9]+)*([.][a-z|0-9]+([_][a-z|0-9]+)*)?@[a-z][a-z|0-9|]*\.([a-z][a-z|0-9]*(\.[a-z][a-z|0-9]*)?)$";             Match match = Regex.Match(val.Trim(), pattern, RegexOptions.IgnoreCase);              if (match.Success)                 return true;             else                 return false;         }      } } 

Update: Please don't use the original Regex. Seek out a newer more complete sample.