Posted over 6 years ago. Visible to the public. Repeats.

Regex: Be careful when trying to match the start and/or end of a text

Ruby has two different ways to match the start and the end of a text:

  • ^ (Start of line) and $ (End of line)
  • \A (Start of string) and \z (End of string)

Most often you want to use \A and \z.

Here is a short example in which we want to validate the content type of a file attachment. Normally we would not expect content_type_1 to be a valid content type with the used regular expression image\/(jpeg|png). But as ^ and $ will match lines, it matches both content_type_1 and content_type_2. Using \A and \z will work as expected instead and excludes content_type_1.

Copy
content_type_1 = "image/jpeg\napplication/javascript" content_type_2 = "image/jpeg" # Using `^` and `$` content_type_1.match(/^image\/(jpeg|png)$/) # => <MatchData "image/jpeg" 1:"jpeg"> content_type_2.match(/^image\/(jpeg|png)$/) # => <MatchData "image/jpeg" 1:"jpeg"> # Using `\A` and `\z` content_type_1.match(/\Aimage\/(jpeg|png)\z/) # => nil content_type_2.match(/\Aimage\/(jpeg|png)\z/) # => <MatchData "image/jpeg" 1:"jpeg">

Rails

Newer Rails explicitly warns you, when you use ^ and $ in validations with a regular expression, as this might be a security risk.

Used validation in the model:

Copy
validates_format_of :content_type, :with => /^image\/(jpeg|png)$/

Resulting exception:

Copy
The provided regular expression is using multiline anchors (^ or $), which may present a security risk. Did you mean to use \A and \z, or forgot to add the :multiline => true option? (ArgumentError)

You can remove this warning by changing your validation like this (Be sure you really want to):

Copy
validates_format_of :content_type, :with => /^image\/(jpeg|png)$/, multiline: true

By refactoring problematic code and creating automated tests, makandra can vastly improve the maintainability of your Rails application.

Owner of this card:

Avatar
Thomas Eisenbarth
Last edit:
about 1 month ago
by Emanuel De
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Thomas Eisenbarth to makandra dev
This website uses cookies to improve usability and analyze traffic.
Accept or learn more