simon-courtois
Here I show a simple security measure concerning the regular expressions used for validation.
Simon COURTOIS
^...$
class User < ActiveRecord::Base
  attr_accessible :email

  validates :email, presence: true, uniqueness: true,
                    format: { with: / /i }
end
http://www.regular-expressions.info/email.html
^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$
^...$
✗ totoexemple.fr
✔
^...$
http://ruby-doc.org/core-1.9.3/Regexp.html
Anchors
^ - Matches beginning of line
$ - Matches end of line
\A...\Z
http://ruby-doc.org/core-1.9.3/Regexp.html
Anchors
^ - Matches beginning of line
$ - Matches end of line
\A - Matches beginning of string
\Z - Matches end of string
\A...\Z
class User < ActiveRecord::Base
  attr_accessible :email

  validates :email, presence: true, uniqueness: true,
                    format: { with: /^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i }
end
\A...\Z
class User < ActiveRecord::Base
  attr_accessible :email

  validates :email, presence: true, uniqueness: true,
                    format: { with: /\A[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\Z/i }
end
\A...\Z
✗ totoexemple.fr
hellototoexemple.frhello
✗
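The anchor behaviour shown on the slides, as an added example that is not part of the original deck: plain Ruby (no Rails) applying the page's pattern with `^...$`, with `\A...\Z`, and, going one step beyond the slides, with `\A...\z`. The sample inputs, constant names and helper names are constructed for illustration.

```ruby
# The character classes are the page's pattern; only the anchors differ.
BODY = '[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}'

LINE_ANCHORED   = /^#{BODY}$/i    # ^ and $ match at every line boundary
STRING_ANCHORED = /\A#{BODY}\Z/i  # the slides' fix; \Z still allows one final "\n"
STRICT_ANCHORED = /\A#{BODY}\z/i  # \z matches only at the very end of the string

# Constructed sample inputs (not taken from the page).
SAMPLES = {
  plain:     "user@example.org",
  no_at:     "userexample.org",
  multiline: "hello\nuser@example.org\nhello",
  trailing:  "user@example.org\n"
}

# True when the pattern matches somewhere in the input, which is all a
# format validation checks.
def accepts?(pattern, input)
  !pattern.match(input).nil?
end

# Map each sample name to the verdict a validation using `pattern` would give.
def verdicts(pattern)
  SAMPLES.transform_values { |input| accepts?(pattern, input) }
end

if __FILE__ == $PROGRAM_NAME
  { "^...$" => LINE_ANCHORED, "\\A...\\Z" => STRING_ANCHORED,
    "\\A...\\z" => STRICT_ANCHORED }.each do |label, pattern|
    puts label
    verdicts(pattern).each do |name, ok|
      puts format("  %-10s %s", name, ok ? "accepted" : "rejected")
    end
  end
end
```

With `^...$` the three-line input is accepted because one of its lines is a valid address; `\A...\Z` rejects it but still accepts a value ending in a newline, which only `\A...\z` refuses.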
\A...\Z