[openstreetmap/openstreetmap-website] Use end-of-string termination check when validating urls (#2570)

Andy Allan notifications at github.com
Wed Apr 1 07:56:19 UTC 2020


> It would probably be more sensible to use something like https://github.com/perfectline/validates_url rather than rolling our own terribly broken regex...

I'm totally in favour of moving away from maintaining our own regexps! I didn't even realise that this one was broken; I was just trying to make the minimal necessary patch.

I'll close this PR and open a fresh one.

> is this actually fixing anything? and if so what?

So my line of thinking is that we have a validator to make sure that it's only valid URLs in these attributes, but due to a flaw in the regexp (no `\z`), you can have inputs that aren't valid URLs. Therefore, we should fix this. Whether that's a security problem or just a user experience problem, I don't think is important.

The side benefit is that this makes one fewer thing to think about in #2229!

https://github.com/openstreetmap/openstreetmap-website/pull/2570#issuecomment-607094145
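
The anchoring difference discussed in the message above, as an added example that is not part of the original thread or of the openstreetmap-website code. The three patterns and the sample inputs are constructed for illustration; the `URI`-based check is one stricter alternative and is not the `validates_url` gem.

```ruby
require "uri"

# Hypothetical patterns for illustration only; none of these is the
# regexp used by openstreetmap-website.

# Anchored at the start only: anything may follow the matched prefix.
URL_NO_END_ANCHOR = %r{\Ahttps?://[^\s/]+(/\S*)?}
# In Ruby `$` matches before any newline, so it ends the first *line* only.
URL_LINE_ANCHOR = %r{\Ahttps?://[^\s/]+(/\S*)?$}
# `\z` matches only at the very end of the string.
URL_STRING_ANCHOR = %r{\Ahttps?://[^\s/]+(/\S*)?\z}

# Constructed sample inputs.
SAMPLES = {
  plain: "https://example.org/path",
  trailing_text: "https://example.org/path and some more words",
  second_line: "https://example.org/path\nnot part of a url",
  trailing_newline: "https://example.org/path\n"
}.freeze

# Names of the samples that a given pattern lets through validation.
def accepted_by(pattern)
  SAMPLES.select { |_name, value| pattern.match?(value) }.keys
end

# Parser-based check: the whole string must parse as an http(s) URL
# with a non-empty host. URI.parse raises on embedded spaces/newlines.
def strict_http_url?(value)
  uri = URI.parse(value)
  uri.is_a?(URI::HTTP) && !uri.host.to_s.empty?
rescue URI::InvalidURIError
  false
end

if __FILE__ == $PROGRAM_NAME
  {
    "no end anchor" => URL_NO_END_ANCHOR,
    "$ anchor" => URL_LINE_ANCHOR,
    "\\z anchor" => URL_STRING_ANCHOR
  }.each { |label, pattern| puts "#{label}: #{accepted_by(pattern).inspect}" }
  SAMPLES.each { |name, value| puts "strict #{name}: #{strict_http_url?(value)}" }
end
```

Only the `\z` pattern and the parser-based check reject every input that carries extra content after the URL, including the bare trailing newline that `$` accepts.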