🔧 CodeSOD: An Alerting Validation

There are things which are true. Regular expressions frequently perform badly. They're hard to read. Email addresses are not actually regular languages, and thus can't truly be validated (in all they're many possible forms) by a pure regex.

These are true. It's also true that a simple regex can get you most of the way there.

Lucas found this in their codebase, for validating emails.

function echeck(str) {

    var at="@";
    var dot=".";
    var lat=str.indexOf(at);
    var lstr=str.length;
    var ldot=str.indexOf(dot);
    if (str.indexOf(at)==-1){
        alert("You must include an accurate email address for a response.");
        return false;
    }

    if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr){
        alert("You must include an accurate email address for a response.");
        return false;
    }

    if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr){
        alert("You must include an accurate email address for a response.");
        return false;
    }

    if (str.indexOf(at,(lat+1))!=-1){
        alert("You must include an accurate email address for a response.");
        return false;
    }

    if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot){
        alert("You must include an accurate email address for a response.");
        return false;
    }

    if (str.indexOf(dot,(lat+2))==-1){
        alert("You must include an accurate email address for a response.");
        return false;
    }

    if (str.indexOf(" ")!=-1){
        alert("You must include an accurate email address for a response.");
        return false;
    }

    return true;
}

It checks that the string contains an "@", and the "@" is not at the beginning or end of the string. Then it does the same check for a ".". Then it checks that there isn't a second "@". Then it checks that there are at least two non-"@" characters before the ".". Then it checks that there's at least one "." after the "@". Then it checks that there are no spaces.

Like a regex, I don't think this covers the entire space of valid and invalid email addresses, but that's just because the email address spec is complicated. It likely qualifies as "good enough", on that front. But it's the most awkward way to express that series of tests, especially since they create variables which might be useful, but never use them, thus calling str.indexOf many, many times. The awkwardness becomes more obvious with the way it outputs the same error message in multiple branches. Outputs them using alert I might add, which is the kind of choice that should send someone to the Special Hell™.