Ruby has two different ways to match the start and the end of a text:

• ^ (Start of line) and $ (End of line)
• \A (Start of string) and \z (End of string)

Rails Long Term Support

Rails LTS provides security patches for old versions of Ruby on Rails (2.3, 3.2, 4.2 and 5.2)

• Prevents you from data breaches and liability risks
• Upgrade at your own pace
• Works with modern Rubies

Read more Show archive.org snapshot

Most often you want to use \A and \z.

Here is a short example in which we want to validate the content type of a file attachment. Normally we would not expect content_type_1 to be a valid content type with the used regular expression image\/(jpeg|png). But as ^ and $ will match lines, it matches both content_type_1 and content_type_2. Using \A and \z will work as expected instead and excludes content_type_1.

content_type_1 = "image/jpeg\napplication/javascript"
content_type_2 = "image/jpeg"


# Using `^` and `$`
content_type_1.match(/^image\/(jpeg|png)$/)
# => <MatchData "image/jpeg" 1:"jpeg">
content_type_2.match(/^image\/(jpeg|png)$/)
# => <MatchData "image/jpeg" 1:"jpeg">


# Using `\A` and `\z`
content_type_1.match(/\Aimage\/(jpeg|png)\z/)
# => nil
content_type_2.match(/\Aimage\/(jpeg|png)\z/)
# => <MatchData "image/jpeg" 1:"jpeg">

Rails

Newer Rails explicitly warns you, when you use ^ and $ in validations with a regular expression, as this might be a security risk.

Used validation in the model:

validates_format_of :content_type, :with => /^image\/(jpeg|png)$/

Resulting exception:

The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option? (ArgumentError)

You can remove this warning by changing your validation like this (Be sure you really want to):

validates_format_of :content_type, :with => /^image\/(jpeg|png)$/, multiline: true

See also

• Matching line feeds with regular expressions works differently in every language