Ruby on Rails
Alexey Bondarenko, 2014-04-29 18:21:53

Why does RoR throw an error when trying to validate an input string?

Here's an error:

The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option?

Although everything in the text of the book and examples corresponds to the recommendations of the authors:
class Product < ActiveRecord::Base

  validates :description, :title, :image_url, presence: true
  validates :price, numericality: {greater_than_or_equal_to: 0.01}
  validates :title, uniqueness: true
  validates :image_url, allow_blank: true, format: {
    with: %r{\.(gif|jpg|png)$}i,
    message: 'Must be a valid URL for a gif, png, or jpg..'
  }
end

2 answer(s)
rsludge, 2014-04-30
@alekseyasherbondarenko

It's not quite right. Your regular expression is generally valid, but you should use \A and \z instead of ^ and $ to indicate the beginning and end of a line (and not a line within a line). This is such a common mistake, coming from ignorance of the features of regular expressions in Ruby, that at one time there was a heated discussion that this should be changed. As a result, apparently, they simply added a warning in the form of an error to Rails.
To make it clear what exactly the error is:
"filename.png\n some other text" will be valid, although it shouldn't be.

Alexey Bondarenko, 2014-04-29
@alekseyasherbondarenko

There is a solution - you can simply remove the dollar symbol from the validation regular expression.
www.stackoverflow.com/a/22001759
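
An added example (not code from the question, the book, or either answer) that runs the image_url pattern from the question in four forms over a few constructed inputs: with $, with the $ removed, with \Z, and with \z. It is plain Ruby with no Rails dependency; the names PATTERNS, SAMPLES, accepted_by and valid_image_name? are hypothetical.

```ruby
# Four variants of the extension check from the question.
PATTERNS = {
  dollar:    %r{\.(gif|jpg|png)$}i,   # as in the question: $ is end of LINE in Ruby
  no_anchor: %r{\.(gif|jpg|png)}i,    # "$" removed: matches anywhere in the string
  big_z:     %r{\.(gif|jpg|png)\Z}i,  # end of string, or just before one final "\n"
  small_z:   %r{\.(gif|jpg|png)\z}i   # end of string only
}.freeze

# Constructed sample inputs (the second one is the case from the first answer).
SAMPLES = [
  "filename.png",
  "filename.png\n some other text",
  "filename.png\n",
  "filename.png.exe",
  "filename.txt"
].freeze

# Returns the names of the patterns that accept +value+.
def accepted_by(value)
  PATTERNS.select { |_name, re| re.match?(value) }.keys
end

# Strict check: the extension must be the last thing in the whole string.
def valid_image_name?(value)
  PATTERNS[:small_z].match?(value)
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts format("%-36s %s", s.inspect, accepted_by(s).inspect)
  end
end
```

Only the \z form rejects every input that carries anything after the extension; dropping the $ makes the error go away but accepts more input than the original pattern did.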
