I have tested this item ✅ successfully on e0cbe2b

@infograf768 in #10760 I used the official w3c code for the reg ex, now you are modifying this. So if there was a mistake in my copy paste then this is a nice finding, but if it's not the case I would say stick with the official code.

EDIT: That was me (actually my freaking mac changing the quote)! So this is fine!

The problem is that the W3 regex is totally wrong, just a typo but an important one.
I had also used it in an older patch in 2014 (sorry folks, I was the one who introduced this in J..)
Their example of regex is wrong, as you can see in the RFC-2822 https://tools.ietf.org/html/rfc2822#section-3.4.1
See extract here:
#12804 (comment)
Wikipedia is also OK on this.

EDITL it was not wrong, @dgt41, on the part you used, but elsewhere at the time:
See https://www.w3.org/TR/html-markup/input.email.html

That is, any string which matches the following regular expression:
/^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/

I have tested this item ✅ successfully on e0cbe2b

RTC

Thanks @infograf768

In the username field the ' character 39 isn't allowed as well, so you can't use email addresses (John.O'Connor@foobar.com) as usernames as it is often used.

Good point

On 9 Nov 2016 7:10 a.m., "hotkeeper" notifications@github.com wrote:

In the username field the ' character 39 isn't allowed as well, so you
can't use email addresses (John.O'Connor@foobar.com) as usernames as it
is often used.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8TgLkwIWIL6WNxvuPw7aD2nq3tFVks5q8XHugaJpZM4KsVn2
.

Tip says:

Save failed with the following error: Please enter a valid username. No space at beginning or end, at least 2 characters and must not contain the following characters: < > \ " ' % ; ( ) &.

I would contact JSST on this.

And that's wrong. It is perfectly valid to have a name with a ' in it

The regex was similar in 2.5. I would not be so sure that it is valid. Let's first check.

As long as the input (and output) is properly escaped, it should be no problem to allow that.
If not, it may allow some security issues. I guess that is the reason it isn't allowed currently, to be on the safe side?

I guess so. I also checked in 1.6.5 and same regex.
As well in 1.5

@infograf768 @Bakual @brianteeman I wouldn't change the validate.js to allow ' in the username, if somebody wants to do that let them override that rule!

On what basis would you justify not allowing someone to use their name -
tryng to understand the logic of your statement

On 9 November 2016 at 08:56, Dimitri Grammatikogianni <
notifications@github.com> wrote:

@infograf768 https://github.com/infograf768 @Bakual
https://github.com/Bakual @brianteeman https://github.com/brianteeman
I wouldn't change the validate.js to allow ' in the username, if somebody
wants to do that let them override that rule!

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8baBI2jTW8VdPNA3R0EY2COrmdTAks5q8XzLgaJpZM4KsVn2
.

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
https://brian.teeman.net/ http://brian.teeman.net/

@brianteeman it's all about forbidden characters, and single quote is one of them

Try telling that to everyone with a forbidden character in their name -
maybe it is rare in greece to have a ' in your name but it is VERY common
in many countries

On 9 November 2016 at 09:13, Dimitri Grammatikogianni <
notifications@github.com> wrote:

@brianteeman https://github.com/brianteeman it's all about forbidden
characters, and single quote is one of them

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#12835 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/ABPH8cykBhfVkfVVJy10_M2StYKjmVT7ks5q8YCvgaJpZM4KsVn2
.

Brian Teeman
Co-founder Joomla! and OpenSourceMatters Inc.
https://brian.teeman.net/ http://brian.teeman.net/

'Name' is not 'Username'
One can enter a single quote in the Name.

If security requires not to use these special characters in a Username since 1.5, there must have been a reason.

@brianteeman my last name is way too long to fit in most sites placeholders for that, so I have to cut it so it doesn t look awkward.
@infograf768 I don't see any gain of allowing single quotes in the username field

@dgt41 It is very common to use the email address as username, and a single quote is a valid character in an email address!

@hotkeeper if you want to do that, there plenty plugins in the extensions directory that will allow you to do it correctly, (use email instead of username)

See also discussion here:
https://groups.google.com/forum/#!topic/joomla-dev-cms/c5Pq2ANXCOI

@rdeutz
As anyhow the username discussion is unrelated to this PR, please merge. Thanks.