I am trying to write an image format validation that makes sure the URL ends with either .png, .jpg or .gif.
class Product < ActiveRecord::Base
  mount_uploader :image_url

  validates :title, :presence => true,
                    :uniqueness => true
  validates :image_url, :presence => true,
                        :format => {
                          :with => %r{\.(gif|jpg|png)$}i,
                          :message => 'must be a URL for GIF, JPG or PNG image.'
                        }
end
But when I start my server, I am seeing this:
The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option?
^ and $ are both line anchors. If a user were to pass in a string with http://www.foo.com/bar.png\nfoo_bar_baz!, then your regex is going to say that the input is valid because it will match .png to the newline, which is not what you want.
Change your regex above to be %r{\.(gif|jpg|png)\z}i instead. The \z is an end of string anchor, which is what you want instead of the end of line anchor.
There are some great answers on another, very similar question: Difference between \A \z and ^ $ in Ruby regular expressions.
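Added example (not part of the original question or answer): a plain-Ruby comparison of the question's `$` regex and the answer's `\z` regex on constructed inputs, including the newline string from the answer. The helper names `line_anchored?`, `accepts?` and `compare` are hypothetical; no Rails is needed to run it.

```ruby
LINE_ANCHORED   = %r{\.(gif|jpg|png)$}i   # regex from the question (end of line)
STRING_ANCHORED = %r{\.(gif|jpg|png)\z}i  # regex from the answer (end of string)

# Hypothetical helper: flags a pattern that starts with ^ or ends with an
# unescaped $, the situation the warning in the question describes.
def line_anchored?(regex)
  src = regex.source
  src.start_with?("^") || (src.end_with?("$") && !src.end_with?("\\$"))
end

# Hypothetical helper: true when the regex accepts the value.
def accepts?(regex, value)
  regex.match?(value)
end

# Constructed sample inputs; :newline_tail is the string used in the answer.
SAMPLES = {
  clean:            "http://www.foo.com/bar.png",
  upper:            "http://www.foo.com/BAR.PNG",
  newline_tail:     "http://www.foo.com/bar.png\nfoo_bar_baz!",
  trailing_newline: "http://www.foo.com/bar.png\n",
  wrong_type:       "http://www.foo.com/bar.exe"
}

# Returns, per sample, what each regex decides.
def compare(samples)
  samples.transform_values do |value|
    { line: accepts?(LINE_ANCHORED, value), string: accepts?(STRING_ANCHORED, value) }
  end
end

if __FILE__ == $0
  puts "question regex line-anchored? #{line_anchored?(LINE_ANCHORED)}"
  puts "answer regex line-anchored?   #{line_anchored?(STRING_ANCHORED)}"
  compare(SAMPLES).each do |name, r|
    puts format("%-17s $ => %-5s \\z => %s", name, r[:line], r[:string])
  end
end
```

Note that `\z` also rejects a value with a single trailing newline, which `$` accepts; strip the input first if such values should pass.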