better safe url checking

2008-08-07 17:45:33 -05:00 · 2008-08-07 17:45:33 -05:00 · 9fdd7d46c7
parent f4fe450f0f
commit 9fdd7d46c7
1 changed files with 13 additions and 0 deletions
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@ -1,6 +1,7 @@
 class Comment < ActiveRecord::Base
  belongs_to :page
  belongs_to :author
+  validate :safe_url
  
  def name
    if self.author
@ -9,4 +10,16 @@ class Comment < ActiveRecord::Base
      self.user
    end
  end
+  
+  private
+  
+  def safe_url
+    return true if self.url.to_s.empty?
+    if self.url =~ /^http:\/\// and self.url !~ /[^a-zA-Z0-9\._:\-\/]/
+      true
+    else
+      self.errors.add(:url, "is not a permissible address")
+      false
+    end
+  end
 end