普通EX pressions与回报率4验证 [英] Regular expressions with validations in RoR 4

问题描述

有以下code：

class Product < ActiveRecord::Base
  validates :title, :description, :image_url, presence: true
  validates :price, numericality: {greater_than_or_equal_to: 0.01}
  validates :title, uniqueness: true
  validates :image_url, allow_blank: true, format: {
      with: %r{\.(gif|jpg|png)$}i,
      message: 'URL must point to GIT/JPG/PNG pictures'
  }
end

它的工作原理，但是当我尝试使用耙测试，以测试它，我会抓住这样的信息：

It works, but when I try to test it using "rake test" I'll catch this message:

rake aborted!
The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option?

这是什么意思？我该如何解决这个问题？

What does it mean? How can I fix it?

推荐答案

^ 和 $ 的起始行和行末锚。

^ and $ are Start of Line and End of Line anchors.

string = "abcde\nzzzz"
# => "abcde\nzzzz"
/^abcde$/ === string
# => true

在 \ A 和 \ Z 是字符串常驻启动和String锚结束。

While \A and \z are Permanent Start of String and End of String anchors.

/\Aabcde\z/ === string
# => false

所以Rails是告诉你，你一定要使用 ^ 和 $ ？你难道不想使用 \ A 和 \ Z 呢？

So Rails is telling you, "Are you sure to use ^ and $? Don't you want to use \A and \z instead?"

还有更多的是这里生成此警告铁轨的安全问题。

There is more on the rails security concern that generates this warning here.

这篇关于普通EX pressions与回报率4验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！