Ruby on Rails Security Project - Journal - Ruby regular expression fun

Monday

Apr162007

Ruby regular expression fun

Monday, April 16, 2007 at 5:55PM

I found several regular expressions to validate all sorts of things, URLs, names, email addresses, et cetera. Here is an example for an email address validation, I found:

/^([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})$/i

How do you like the following email address, which validates fine with this filter?:

hre32443_d.@ter.com%0A<script>alert('hello')</script>

%0A is a line break.

^$ in Ruby match LINE begin and end, not the overall begin and end, \A and \z does the job! The same JavaScript works in the part before the @. This is a first step to disallow HTML and line breaks:

/\A([^@\s<>'"]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i

A whitelist approach is always better (are there other characters in a name?):

/\A([\w\.\-\+]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i

Edit: This will match most of today's email addresses, without comments. For email addresses compliant to the RFC 822, you can use this regular expression.

Heiko |

360 Comments |

18 References |

View Printer Friendly Version

Email Article to Friend

References (18)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Response: Mishanya

by Andrus at Andrus on March 14, 2011

Fda medication guide, Health mental health disorders anxiety obsessive compulsive, Insomnia cure cause. Fda medication guide Biological treatments for anxiety disorders Learned helplessness theory of depression
Response: Vio

by Dem_murm at Dem_murm on March 14, 2011

Anxiety disorder cause sore throat, Melancholy depression, Medication reglan. Masturbation as a sleep aid Ambience music Learned helplessness theory of depression
Response: Vergoin

by Brew! at Brew! on April 9, 2011

Womens Bicycles, Used Bicycle, Road Bicycle. http://awardon.info/Bicycles/Mountain-Bicycles/ - Mountain Bike http://awardon.info/Bicycles/Bicycle-Seat/ - Beach Cruiser http://awardon.info/Bicycles/Bicycles/ - Bicycle Light http://awardon.info/Bicycles/Vintage-Bicycle/ - Bicycle Seat
Response: WallTaZar

by Votary at Votary on April 11, 2011

Dog Food Pedigree, Dog Food Coupons, Iams Dog Food. Dog Food Pedigree Dog Food Coupons Iams Dog Food Iams Dog Food
Response: Natasha

by Czigan at Czigan on April 16, 2011

Depression from recovering teen workbook, Prescription medication name, Anxiety dog separation training. Medication for anxiety disorder in child Depression chat Symptoms of a panic attack panic attack medication anxiety Ultraset medication
Response: Voroshil

by Shuvalova at Shuvalova on April 27, 2011

Anxiety stress induced muscle spasm, Florastar medication, Surgical procedure for depression. Herbal remidies for depression Ministerio de medio ambiente guatemala brinemy.info Drinks they used during the great depression
Response: Padonak

by Barvara at Barvara on April 30, 2011

Blackberry Produceers, Blackberry Gps, Unlocked Blackberry Pearl. http://balmus.info/BlackBerry/Blackberry-Tmobile/ - Blackberry T Mobile http://balmus.info/BlackBerry/Unlocked-Blackberry-8320/ - Best Sprint Blackberry http://balmus.info/BlackBerry/Blackberry-Holder-Cell-Phone/ - Used Blackberry
Response: Kelensul

by Eanee at Eanee on May 1, 2011

Trek 3692 Hybrid Bike, Trek 7200 Bicycle Hybrid, Trek Close Out Road Bikes. Trek 7100 Hybrid Bike Trek Road Bike Sales Trek 400 Road Bike Buy Trek Bicycle Hybrid
Response: Fost

by Au?ea at Au?ea on May 9, 2011

Adapter Motorola Notebook Wireless Wn825G, Motorola Razer V3 Phone Cases, Motorola Outlet Adapters. Motorola T605 Adapter Prius Cell Phone Cases Motorola V325I Motorola L7 Slvr Cases Motorola I576 Data Cable Adapter Motorola V3 Razor Cases
Response: Eaia

by Ieeieae at Ieeieae on May 11, 2011

Orthopedic Dog Bed Water Proof, Dog Bed Pink Dog Beds, Memory Foam Orthopedic Dog Beds Discounted. http://knocka.info/Comfort-Dog-Bed/Small-Pink-Pet-Beds/ - Orthopedic Dog Beds For Small Dogs http://knocka.info/Comfort-Dog-Bed/Comfortable-Beds-For-Dogs/ - Luxury Wood Dog Bed
Response: Setx

by GREEN at GREEN on May 14, 2011

Boxer Dog Apparel, Custom Dog Apparel, Florida Gator Dog Apparel. http://leadiap.info/Dog-Apparel/Hawaiian-Clothes-Dog-Apparel/ - Fleece Dog Apparel http://leadiap.info/Dog-Apparel/Dachshund-Dog-Apparel-Dog-Apparel/ - Clearance Dog Apparel http://leadiap.info/Dog-Apparel/Dog-Apparel-With-Reflective-Tape/ - Flame Dog Apparel
Response: Immortal

by Muskat at Muskat on May 27, 2011

Nokia 918 Replacement Charger, Nokia 3555B Charger, Nokia Charger 110V. Nokia Compact Charger Ac 3U Cell Phone Car Charger Nokia 2720 Nokia 6230 Battery Chargers Nokia 6233 Charger
Response: GodBanner

by WerwolF_02 at WerwolF_02 on June 7, 2011

Hair Accessories For Girls, Hair Accessory Bump It, Hair Accessory For Dreadlocks. http://hair-accessories.seccoal.com/Wholesale-Hair-Accessories/Vintage-Hair-Accessories/ - Hair Accessories Combs Metal http://hair-accessories.seccoal.com/Wholesale-Hair-Accessories/Wholesale-Hair-Barrettes-Accessories/ - Hair Dreading Coil Accessory
Response: Tranquil

by Pot at Pot on June 9, 2011

Lens Fujifilm, Fujifilm E900 Manual, Fujifilm Digital Camera Manual. http://avatall.com/Manual/Fujifilm-Z200Fd/ - Fujifilm Finepix S2 Pro Manual http://avatall.com/Manual/Fujifilm-2600-Repair/ - Fujifilm Z3 Case http://avatall.com/Lenses/Fujifilm-S5000-Lens/ - Fujifilm Fine Pix V5
Response: Ninja

by Deg at Deg on June 9, 2011

Battery Flashing Motorola V300, Motorola V276 Cell Phone Battery, Motorola Razr V3 Battery Snn5777A Oem. Motorola 9049 Battery Motorola I 700 Plus Battery Cheap Motorola Saber Battery Motorola Droid Accessories Battery Motorola Cell Phone Battery Radio Shack
Response: AnnushkA

by Denislife at Denislife on June 20, 2011

Custom Dog Collar Green, Custom Cotton Dog Collars, Custom Leather Studded Dog Collar. Custom Dog Collar University College Discount Customized Pet Collar Custom Cotton Dog Collars
Response: Jess

by TaN at TaN on July 12, 2011

Digital Slr Camera, Straight Talk Cell Phones 6790, Straight Talk 810c. http://phonesgg.info/Cell-Phones/New-Cricket-Phones/ - Boost Mobile I1 http://phonesgg.info/Cell-Phones/Cell-Phone-Nokia-Twist/ - Samsung R451c Cover http://phonesgg.info/Cell-Phones/Motorola-Cliq/ - Unlocked Nokia Cell Phones
Response: Total

by Chucha at Chucha on July 12, 2011

Brother Color Laser Printer, Brother Laser Printer, Canon Ink Cartridge. http://printerkk.info/Printers/Color-Laser-Printer-Wireless/ - Laser Printer http://printerkk.info/Printers/Canon-Printer-Ink/ - Brother Laser Printer http://printerkk.info/Printers/Color-Laser-Printer-Scanner/ - Prototype Printer

Reader Comments (360)

Should definitely allow '_' and '+' in the account name, too.

April 16, 2007 |

hannibal

_ is in \w
I agree on +, thanks, I changed it.

April 16, 2007 |

Heiko

This regex won't validate many forms of email addresses such as those with embedded comments or valid special characters in the local part. I'd prefer to use by Tim Fletcher, which is much closer to what the RFC allows.

The plugin uses this same code internally when checking an email's syntax.

April 16, 2007 |

Dan Kubb

Thanks. Yes, I went for the email address, only, without comments.

April 16, 2007 |

Heiko

Cheap xanax. Cheap xanax online buy cheap xanax buy cheap xanax. Xanax cheap phentermine forum r veries. Buy cheap xanax without prescription....

May 23, 2007 |

Cheap xanax.

your regex also allows emails in this form:

.aasdf@domain.tv

is a email address with a dot as a first letter really valid?

I guess the regex is better like this:

May 23, 2007 |

dieter

Hi Jim. Photos i received. Thanks

June 4, 2007 |

Bill Compton

hello,
i'm looking for some help at the moment. i implemented a validation, but i don't fully understand the reg ex:
/\A([\w\.\-\+]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i
is my understanding right?:
\A :beginning of string
\z :end of string
[\w\.\-\+] :word characters, dots, minuses and pluses are allowed in the first range?
concatenated with @ then second range
(?:[-a-z0-9]+\.) : within lowercase characters and numbers concatenated with .
+[a-z]{2,}) : concatenated with 2 up to many characters

i'm confused-need help thx

June 25, 2007 |

tobias

yes, kind of:
\w stands for [A-Za-z0-9_]

ignore ?: here
(?:[-a-z0-9]+\.)+ => several blocks separated by dots. The blocks can be alphanumerical and a -

[a-z]{2,} stands for the TL domain, at least two characters

But I recommend the RFC 822 expression.

June 25, 2007 |

Heiko

I like your website I will share this with friends

June 26, 2007 |

aams casin vietati

Just wanted to say hi, thanks and bye

June 27, 2007 |

casino online italia

Boy, this is some high-class site

June 28, 2007 |

giochi casino online gratis

This is a very beautiful website, I have enjoyed my visit here very much. I'm very honoured to sign in your guestbook. Thanking you for the great work that you are doing here.

June 28, 2007 |

europa casino bonus

Good-looking site. Congratulations.

June 29, 2007 |

click

Hi I thank you for a wonderful site. You have done very good job.

June 30, 2007 |

pquer roulette black jack crap

Nice! We truly liked this work .

July 2, 2007 |

visit

%-) genuinely interested by this website

July 2, 2007 |

buy viagra now

quite enjoyed your work .

July 2, 2007 |

get cheap viagra online low pr

This is a one super duper site

July 3, 2007 |

viagra online uk

Howdy! Great site. Great content. Great! I can recommend this site to others!

July 5, 2007 |

gambling on line

Post a New Comment

Enter your information below to add a new comment.

My response is on my own website »

Author:

Author Email (optional):

Author URL (optional):

Post:

↓ | ↑

Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Ruby regular expression fun

References (18)

Reader Comments (360)

Post a New Comment

Link an External Response