I am following along with the book Beginning Rails 4.
There appears to be a mistake in chapter 6 related to this:
"A common pitfall in Ruby's regular expressions is to match the string's beginning and end by ^ and $, instead of \A and \z."
which I saw here: http://guides.rubyonrails.org/security.html#regular-expressions
In particular, there is a User model with an email attribute, the format of which the book says to validate with:
validates_format_of :email, :with => /^[^@][\w.-]+@[\w.-]+[.][a-z]{2,4}$/i
The format validator raises an exception:
ArgumentError: The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option?
I want to make sure: it is precisely the case that using ^ and $ is a security threat, right?
If so, I can substitute ^ and $ with \A and \z. But how do I use the :multiline => true option in this case?
It's precisely the security error that is pointed to. It's insecure to use ^ and $ in this context. The warning appeared in Rails 4. If you were using Rails 3, the validation would never complain about this. The security risks are the same in Rails 3 as well.
The :multiline => true parameter is required if you need to compare the beginning and end of a line, as opposed to comparing the beginning and end of the string. It was introduced due to the frequent misuse of ^ and $ instead of \A and \z.