app/models/task.rb
Insufficient validation for 'duedate' using /\d{4}-\d{2}-\d{2}/. Use \A and \z as anchors
validates_format_of :duedate, with: /\d{4}-\d{2}-\d{2}/, :message => "must be in the following format: yyyy-mm-dd"
Calls to validates_format_of ..., :with => // which do not use \A and \z as anchors will cause this warning. Using ^ and $ is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character.
See the Ruby Security Guide for details.
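The difference between the three anchoring choices, as an added example that is not part of the original report or the project's code. The sample inputs and the names PATTERNS, SAMPLES, accepted_by and report are constructed for illustration.

```ruby
# Added example: which inputs each variant of the yyyy-mm-dd pattern accepts.
PATTERNS = {
  # Pattern flagged in app/models/task.rb: matches anywhere in the string.
  unanchored: /\d{4}-\d{2}-\d{2}/,
  # ^ and $ anchor to the start and end of a line, not of the string.
  line_anchored: /^\d{4}-\d{2}-\d{2}$/,
  # \A and \z anchor to the start and end of the whole string.
  string_anchored: /\A\d{4}-\d{2}-\d{2}\z/
}.freeze

# Constructed sample inputs (not taken from the page).
SAMPLES = [
  "2024-05-17",                            # well-formed value
  "2024-05-17 trailing text",              # extra text on the same line
  "leading text\n2024-05-17",              # extra line before the date
  "2024-05-17\n<unexpected second line>",  # extra line after the date
  "2024-05-17\n"                           # trailing newline only
].freeze

# Returns the names of the patterns that accept the given input.
def accepted_by(input)
  PATTERNS.select { |_name, re| re.match?(input) }.keys
end

# Maps every sample input to the list of patterns that accept it.
def report
  SAMPLES.map { |s| [s, accepted_by(s)] }.to_h
end

if __FILE__ == $PROGRAM_NAME
  report.each { |input, names| puts "#{input.inspect} -> #{names.inspect}" }
end
```

Only the \A ... \z form rejects every input that carries anything besides the ten-character date, including a lone trailing newline.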