本文介绍了RoR 4 中带有验证的正则表达式的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
有如下代码:
class Product < ActiveRecord::Base
validates :title, :description, :image_url, presence: true
validates :price, numericality: {greater_than_or_equal_to: 0.01}
validates :title, uniqueness: true
validates :image_url, allow_blank: true, format: {
with: %r{.(gif|jpg|png)$}i,
message: 'URL must point to GIT/JPG/PNG pictures'
}
end
它可以工作,但是当我尝试使用rake test"对其进行测试时,我会收到以下消息:
It works, but when I try to test it using "rake test" I'll catch this message:
rake aborted!
The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use A and z, or forgot to add the :multiline => true option?
这是什么意思?我该如何解决?
What does it mean? How can I fix it?
推荐答案
^
和 $
是 Start of Line 和 End 线锚.而 A
和 z
是永久开始 字符串 和结束 字符串 锚点.
看看区别:
^
and $
are Start of Line and End of Line anchors. While A
and z
are Permanent Start of String and End of String anchors.
See the difference:
string = "abcde
zzzz"
# => "abcde
zzzz"
/^abcde$/ === string
# => true
/Aabcdez/ === string
# => false
所以 Rails 告诉你,你确定要使用 ^
和 $
吗?你不想使用 A
和 z
代替?"
So Rails is telling you, "Are you sure you want to use ^
and $
? Don't you want to use A
and z
instead?"
这里还有更多关于 Rails 安全问题的信息.
There is more on the rails security concern that generates this warning here.
这篇关于RoR 4 中带有验证的正则表达式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!