I am trying to add validation, inside my User model to validation emails using regex.
However, it's spits a dummy out at the first apostrophe.
'email' => 'required|regex:/^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+#[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/',
Have you tried the 'email' validation rule?
'email' => 'required|email|unique:users,email'
http://laravel.com/docs/4.2/validation#rule-email
As the answer to this question on SO states, there is no simple regular expression to validate an email-address. Using your RegEx could maybe catch valid addresses (although that's just speculation of mine). Using the email-validation-rule would be my first choice.
But you are right, this is just the server side in the first place, if you ignore redirecting users back with input and error messages..
On the client-side, you would have some options. The first one would be to simply rely on the build in browser-validation, by declaring the corresponding input-field as an email-address which you should do anyway:
{{ Form::email($name, $value = null, $attributes = array()) }}
Another, more advanced way would be to create some kind of helper to check the typed input via Ajax using the same validation rule and returning the error messages or sth. similar. This could be an additional route to your Model-Resource for example. This way, you would be stable and consistent.
Related
recently, I started playing with Django and created a custom form for user registration. In that form to create the field for email I use something like
email = forms.EmailField()
I observed that address such as a#a.a is considered invalid by the form. Of course this is a nonsense email address. Nonetheless, I wonder how does Django checks for validity.
I found some topics on the net discussing how to check for validity of an email address but all of them were providing some custom ways. Couldn't find something talking about the django default validator.
In their docs on the email filed they specify
Uses EmailValidator to validate that the given value is a valid email address, using a moderately complex regular expression.
However that's not very specific so I decided to ask here.
For anyone also interested in this, I would suggest looking up the implementation (django.core.validators) as was kindly suggested by iklinac in the comments.
In it, there is not just the source but also mentions about standards that were used to derive regexes that check if domain and literal have valid format.
us should check docs here https://www.geeksforgeeks.org/emailfield-django-forms/#:~:text=EmailField%20in%20Django%20Forms%20is,max_length%20and%20min_length%20are%20provided.
if u wanna check validation use clean function like this :
from django.forms.fields import EmailField
email = EmailField()
my_email = "a#a.a"
print(email.clean(my_email))
if your email is valid then this func return value else return validation error
I am on rails 4.2.1 (ruby 2.2.1p85) and I want to sanitize user input and also have that text cleared out of the post/get params. I don't want to solely depend on native rails 4 auto escaping.
Being a bit new to rails I was not aware of the sanitize options.
http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
I was originally going to create a helper for such purposes so I could do something as shown below. I'm trying to sanitize form input to secure against Cross-site scripting (XSS) vulnerabilities.
basic helper example This works but its probably not the best rails way to do it? Also the text is still in the post/get request.
<%= text_field_tag :input_text, Safetxt(params[:input_text]) %>
helper method
def Safetxt(input_value)
txtOut = input_value
if txtOut.blank?
txtOut = ""
else
txtOut = txtOut.gsub("<script>", "")
txtOut = txtOut.gsub("</script>", "")
end
return txtOut
end
on submit the input_text is cleaned on output but the get/post values still contain the stripped values.
input_text=<script>alert%28"blah"%29<%2Fscript>
How can I utilize a custom scrubber in a helper method to properly sanitize input (remove dangerous text,tags)? I'm a bit confused how to implement this properly with custom rules.
For example something as shown below (I know this is wrong). Also what is the best way to exclude that text in the post/get request as well? I know I should sanitize the text in the controller side for input, but if there is a way, I'd like that text to be cleared on the submit request if that's possible.
def Safetxt(input_value)
scrubber = Rails::Html::TargetScrubber.new
scrubber.tags = ['script']
txtOut = input_value
if txtOut.blank?
txtOut = ""
else
txtOut.scrub!(scrubber)
end
return txtOut
end
You can use the Rails 4 sanitize method to strip out tags that are not "whitelisted" by default by rails.
So in your controller code you can have:
ActionView::Base.new.sanitize("<script>alert('hello')</script>")
which would strip out the script tag. You can whitelist your own attributes or elements rather than the default or if you want more custom behavior you can define your own scrubber in the sanitize method.
I want to be sure, two attributes don't have the same value with a validation in my Rails4 application. I know about confirmation validation but I need exactly the opposite of that.
Does Rails have this kind of validation?
You need to create a custom validation I think:
validate :check_attribute1_and_attribute2
def check_attribute1_and_attribute2
if attribute_1 == attribute_2
errors.add( :column_2, ' Value 2 cannot be similar to Value 1!')
end
end
Hope it helps :)
I had a similar need and wanted a simple solution. I thought this worked out pretty well in the end.
validates :applicant_id, exclusion: {
in: -> (reference_request) { [reference_request.reference_id] },
message: 'cannot also be a reference'
}
I have an member model with contains an email field. I recently realized that if a part of the email is capitalized, it won't show up in Django queries if I try to filter by the email (multiple member objects have the same email, but it may not be capitalized). I could have just made all emails lower-case when entering them into the database, but it's too late for that now (as the website is already launched). So how do I check who has a certain email, without being case sensitive?
Just use iexact:
User.objects.filter(email__iexact='email#email.com')
Case-insensitive exact match. If the value provided for comparison is None, it will be interpreted as an SQL NULL (see isnull for more details).
Member.objects.filter(email__iexact=email)
I have a regular expression that works great when I try it:
System.Text.RegularExpressions.Regex.IsMatch("universal",#"^[A-Za-z0-9 ._’&-/s]{0,100}$")
true
System.Text.RegularExpressions.Regex.IsMatch("universal £$%$£%",#"^[A-Za-z0-9 ._’&-/s]{0,100}$")
false
But when I use it as a validation filter:
[RegularExpression(#"^[A-Za-z0-9 ._’&-/s]{0,100}$", ErrorMessage = "The parameter is not valid")]
It works in the client side, but it does not work on the server side. For example when I pass the word "universal" the ModelState contains an error regarding the field marked with that regex validator.
This attribute is the only validation rule applied to that field, what may be the problem?
Cheers.