In the demo for forms, go to the email field and enter this: "This @ should . also && work [email protected]" You'll find that this doesn't cause a constraint violation because the value does, in fact, contain a valid email. This is because client side uses JavaScript's String's match() method which is more like Matcher's find() method. However, I doubt that's the intent of the constraint.

When the same constraint is validated server-side, it works as expected because server-side validation uses Matcher's matches() method which matches against the entire string. This seems rather confusing to me. Whether this is intentional behavior or not, it seems like the documentation could be updated to make things more clear. I don't believe I've seen anything in the documentation that even hints at this difference between client-side vs server-side validation. Am I missing something?