app/models/project.rb
Insufficient validation for 'start_date' using /\d{4}-\d{2}-\d{2}/. Use \A and \z as anchors
validates :start_date, format: { with: /\d{4}-\d{2}-\d{2}/,
Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.
See the Ruby Security Guide for details.
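The difference between the three anchoring styles, shown on the flagged start_date pattern. This is an added example, not code from the scanned project; the sample inputs are constructed and the helper names (accepted, valid_start_date?) are hypothetical.

```ruby
require "date"

# Constructed sample inputs (not taken from the scanned project).
SAMPLES = [
  "2024-05-01",                       # well-formed date
  "2024-05-01\n<script>x</script>",   # valid first line, extra data after newline
  "junk\n2024-05-01",                 # extra data before a newline
  "x2024-05-01y",                     # date embedded in a single line
  "2024-05-01\n"                      # trailing newline only
].freeze

UNANCHORED  = /\d{4}-\d{2}-\d{2}/       # the pattern reported in the warning
LINE_ANCHOR = /^\d{4}-\d{2}-\d{2}$/     # ^ and $ match at line boundaries
FULL_ANCHOR = /\A\d{4}-\d{2}-\d{2}\z/   # \A and \z match the whole string

# Returns the inputs that a given pattern lets through.
def accepted(pattern, inputs = SAMPLES)
  inputs.select { |s| pattern.match?(s) }
end

# Hypothetical stricter check: whole-string shape match, then calendar
# validation, since the shape alone also admits values like "9999-99-99".
def valid_start_date?(value)
  return false unless value.is_a?(String) && FULL_ANCHOR.match?(value)
  Date.strptime(value, "%Y-%m-%d")
  true
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  { "unanchored" => UNANCHORED, "^...$" => LINE_ANCHOR, "\\A...\\z" => FULL_ANCHOR }.each do |name, re|
    puts "#{name}: accepts #{accepted(re).map(&:inspect).join(', ')}"
  end
end
```
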