In the documentation I read:
在我所阅读的文件中:
Use \A and \z to match the start and end of the string, ^ and $ match the start/end of a line.
使用\A和\z来匹配字符串的开始和结束,和$匹配行的开始/结束。
I am going to apply a regular expression to check username (or e-mail is the same) submitted by user. Which expression should I use with validates_format_of in model? I can't understand the difference: I've always used ^ and $ ...
我将应用一个正则表达式来检查用户的用户名(或电子邮件是相同的)。我应该在模型的validates_format_of中使用哪个表达式?我不能理解的区别:我一直用^和$……
4 个解决方案
#1
167
If you're depending on the regular expression for validation, you always want to use \A and \z. ^ and $ will only match up until a newline character, which means they could use an email like me@example.com\n<script>dangerous_stuff();</script> and still have it validate, since the regex only sees everything before the \n.
如果您依赖于正则表达式进行验证,那么您总是希望使用\A和\z。^和$只会匹配到一个换行符,这意味着他们可以使用电子邮件me@example.com \ n <脚本> dangerous_stuff();> < /脚本,还有验证,自正则表达式\ n之前只能看到一切。
My recommendation would just be completely stripping new lines from a username or email beforehand, since there's pretty much no legitimate reason for one. Then you can safely use EITHER \A \z or ^ $.
我的建议是,事先从用户名或电子邮件中完全删除新行,因为几乎没有合法的理由。然后您可以安全地使用\ \ z或^ $。
#2
138
According to Pickaxe:
根据鹤嘴锄:
^Matches the beginning of a line.^匹配一行的开始。
$Matches the end of a line.$匹配一行的结束。
\AMatches the beginning of the string.\A匹配字符串的开头。
\zMatches the end of the string.\z与字符串的末尾匹配。
\ZMatches the end of the string unless the string ends with a"\n", in which case it matches just before the"\n".\Z与字符串的末尾匹配,除非字符串以“\n”结尾,在这种情况下,它在“\n”之前匹配。
So, use \A and lowercase \z. If you use \Z someone could sneak in a newline character. This is not dangerous I think, but might screw up algorithms that assume that there's no whitespace in the string. Depending on your regex and string-length constraints someone could use an invisible name with just a newline character.
因此,使用\A和小写\z。如果你使用\Z,某人可能会偷偷地使用换行符。我认为这并不危险,但可能会破坏算法,假设字符串中没有空格。根据正则表达式和字符串长度的限制,可以使用一个不可见的名称和一个换行符。
JavaScript's implementation of Regex treats \A as a literal 'A' (ref). So watch yourself out there and test.
JavaScript对Regex的实现是一个字面的“A”(ref)。所以,注意自己的存在和测试。
#3
9
The start and end of a string may not necessarily be the same thing as the start and end of a line. Imagine if you used the following as your test string:
字符串的开始和结束不一定与一行的开始和结束相同。想象一下,如果您使用以下作为测试字符串:
my
name
is
Andrew我的名字叫安德鲁
Notice that the string has many lines in it - the ^ and $ characters allow you to match the beginning and end of those lines (basically treating the \n character as a delimeter) while \A and \Z allow you to match the beginning and end of the entire string.
注意字符串有很多行^和$字符允许你匹配的开始和结束行(基本上治疗\ n字符字段名)而\ \ Z允许你匹配整个字符串的开始和结束。
#4
5
Difference By Example
不同的例子
-
/^foo$/matches any of the following,/\Afoo\z/does not: - / ^ foo $ /匹配任何下列/ \ Afoo \ z /不:
whatever1
foo
whatever2foo
whatever2whatever1
foo-
/^foo$/and/\Afoo\z/all match the following: - / $/ /\ z/所有匹配如下:
foo
#1
167
If you're depending on the regular expression for validation, you always want to use \A and \z. ^ and $ will only match up until a newline character, which means they could use an email like me@example.com\n<script>dangerous_stuff();</script> and still have it validate, since the regex only sees everything before the \n.
如果您依赖于正则表达式进行验证,那么您总是希望使用\A和\z。^和$只会匹配到一个换行符,这意味着他们可以使用电子邮件me@example.com \ n <脚本> dangerous_stuff();> < /脚本,还有验证,自正则表达式\ n之前只能看到一切。
My recommendation would just be completely stripping new lines from a username or email beforehand, since there's pretty much no legitimate reason for one. Then you can safely use EITHER \A \z or ^ $.
我的建议是,事先从用户名或电子邮件中完全删除新行,因为几乎没有合法的理由。然后您可以安全地使用\ \ z或^ $。
#2
138
According to Pickaxe:
根据鹤嘴锄:
^Matches the beginning of a line.^匹配一行的开始。
$Matches the end of a line.$匹配一行的结束。
\AMatches the beginning of the string.\A匹配字符串的开头。
\zMatches the end of the string.\z与字符串的末尾匹配。
\ZMatches the end of the string unless the string ends with a"\n", in which case it matches just before the"\n".\Z与字符串的末尾匹配,除非字符串以“\n”结尾,在这种情况下,它在“\n”之前匹配。
So, use \A and lowercase \z. If you use \Z someone could sneak in a newline character. This is not dangerous I think, but might screw up algorithms that assume that there's no whitespace in the string. Depending on your regex and string-length constraints someone could use an invisible name with just a newline character.
因此,使用\A和小写\z。如果你使用\Z,某人可能会偷偷地使用换行符。我认为这并不危险,但可能会破坏算法,假设字符串中没有空格。根据正则表达式和字符串长度的限制,可以使用一个不可见的名称和一个换行符。
JavaScript's implementation of Regex treats \A as a literal 'A' (ref). So watch yourself out there and test.
JavaScript对Regex的实现是一个字面的“A”(ref)。所以,注意自己的存在和测试。
#3
9
The start and end of a string may not necessarily be the same thing as the start and end of a line. Imagine if you used the following as your test string:
字符串的开始和结束不一定与一行的开始和结束相同。想象一下,如果您使用以下作为测试字符串:
my
name
is
Andrew我的名字叫安德鲁
Notice that the string has many lines in it - the ^ and $ characters allow you to match the beginning and end of those lines (basically treating the \n character as a delimeter) while \A and \Z allow you to match the beginning and end of the entire string.
注意字符串有很多行^和$字符允许你匹配的开始和结束行(基本上治疗\ n字符字段名)而\ \ Z允许你匹配整个字符串的开始和结束。
#4
5
Difference By Example
不同的例子
-
/^foo$/matches any of the following,/\Afoo\z/does not: - / ^ foo $ /匹配任何下列/ \ Afoo \ z /不:
whatever1
foo
whatever2foo
whatever2whatever1
foo-
/^foo$/and/\Afoo\z/all match the following: - / $/ /\ z/所有匹配如下:
foo