better safe url checking

master
Coleman 2008-08-07 17:45:33 -05:00
parent f4fe450f0f
commit 9fdd7d46c7
1 changed files with 13 additions and 0 deletions


@ -1,6 +1,7 @@
class Comment < ActiveRecord::Base
belongs_to :page
belongs_to :author
validate :safe_url
def name
if self.author
@ -9,4 +10,16 @@ class Comment < ActiveRecord::Base
self.user
end
end
private
def safe_url
return true if self.url.to_s.empty?
if self.url =~ /^http:\/\// and self.url !~ /[^a-zA-Z0-9\._:\-\/]/
true
else
self.errors.add(:url, "is not a permissible address")
false
end
end
end
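Review bot: The scheme check in `safe_url` anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string. The guarantee that the value begins with `http://` therefore holds only because the second pattern happens to reject newline characters. Anchoring with `\A` makes the check stand on its own if the allowlist is later widened, and `&&` avoids the low precedence of `and`: `if self.url =~ /\Ahttp:\/\// && self.url !~ /[^a-zA-Z0-9\._:\-\/]/`. The allowlist also rejects `https://` addresses and any URL with a query string or fragment (`?`, `=`, `&`, `#`, `%`), so a short comment above the method saying this strictness is intended would help. The validation does not replace HTML-escaping the URL wherever a view renders it.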