In my app, I allow users to submit urls. They (of course) need the ability to submit urls with a forward slash, "/", but whats the regular expression to allow them to do that?
I currently use:
validates_format_of :url, :with => /^[-\w\_.]+$/i
to only allow alphanumerics, dashes, underscores, and dots to prevent cross site scripting when I later reconstruct these urls, but I can't figure out how to allow "/" as well.
Any ideas?
am a newbee.. but i think u can use underscore method for the whole url that will put '/' instead of ' : '
Have you tried escaping them "\/"?
frogstarr78 wrote:
Have you tried escaping them "\/"?
Another way would be to use %r, that way you can avoid the leaning toothpick syndrome alltogether;
/^http:\/\/myhostname\.com\/foo$/i
would become
%r{http://myhostname\.com/foo}i
But before you start piecing your own regexp together have a look at the regexp patterns in the URI::REGEXP::PATTERN module (in your ruby lib directory under uri/common.rb). Could save you some work depending on what and how you want to validate.
Sven
Sven Riedel wrote:
/^http:\/\/myhostname\.com\/foo$/i
would become
%r{http://myhostname\.com/foo}i
And of course I forgot the anchors in the second example. So the correct version is:
%r{^http://myhostname\.com/foo$}i
Use Ruby's other regexp syntax:
%r{pattern}
To continue your example below:
validates_format_of :url, :with => %r{^[-\w_./]+$}
AlwaysCharging wrote:
Yes, that did it. Thank you. No idea how I try everything and overlook the simplest solution, duh.
And, Thank you to everyone else that weighed in as well, definitely some other options to look into.
Side note: Anybody know why the period doesn't have to be escaped? Like just "." allows the dot to be input, as well as "\." So, [-\w\_\.\/] works just as [-\w\_.\/]. Why is this?
It actually depends on where the "." is in the Regexp. In your case it is inside a Character Class "". So it is matching the "." character explicitly. Since \w is shorthand for the [a-zA-Z] character class. It is parsed as a character class instead of an escaped "w" character. So you could actually change the character class to be %r|[-\w_./]|. No need to further escape the "_", or "-" since it is at the beginning of the class (That's for another reason though).
But that made me question why I couldn't just put the "/" inside of the bracket as well. Like why did that have to be escaped if the period didn't. (I guess it's because in that syntax, the forward slash has closure properties.) Oh well it's working now, and I escaped the . as well (\.). Thank you for your help. Much appreciated frogstarr
Yeah, I understand what you mean. No worries.