Email Regexp Security Issue #698

Closed
mbrio opened this issue Dec 1, 2010 · 1 comment
mbrio commented Dec 1, 2010

I've been testing Devise and noticed that the regexp for validating correct emails seems to be insecure. The current implementation in ~/config/initializers/devise.rb uses a regexp that checks for the beginning and end of a line using ^ and $ when I believe it should be using \A and \z so that harmful characters cannot be used to concatenate an XSS attack. I only noticed this when I went over the Rails Guide at guides.rubyonrails.org entitled "Securing Rails Applications" (http://guides.rubyonrails.org/security.html).

@josevalim
Contributor

Fix e-mail regexp. Closed by b50fd1a

janx pushed a commit that referenced this issue Apr 19, 2011
myun2 pushed a commit to myun2/devise_not_email that referenced this issue Dec 8, 2015
This issue was closed.
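
The anchor difference reported in this issue, as an added example that is not part of the original thread and not Devise's code: in Ruby, `^` and `$` match at every line boundary, while `\A` and `\z` match only at the start and end of the whole string. The two patterns and all sample inputs below are constructed for illustration; the page does not show the regexp from `devise.rb`.

```ruby
# Constructed, simplified e-mail patterns (assumption: NOT the regexp shipped
# in Devise's initializer). They differ only in their anchors.
LINE_ANCHORED   = /^[^@\s]+@[^@\s]+\.[^@\s]+$/    # ^ / $ : start / end of any line
STRING_ANCHORED = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/  # \A / \z : start / end of the string

# Constructed sample inputs. The multi-line values contain one well-formed
# address on a line of its own plus arbitrary text on another line.
SAMPLES = {
  plain:             "user@example.com",
  trailing_newline:  "user@example.com\n",
  extra_line_after:  "user@example.com\nanything on a second line",
  extra_line_before: "anything on a first line\nuser@example.com",
  not_an_email:      "no at sign here"
}.freeze

# True when the validator would accept the value as-is.
def accepted?(pattern, value)
  pattern.match?(value)
end

# Map every sample name to the validator's verdict for the given pattern.
def report(pattern)
  SAMPLES.transform_values { |value| accepted?(pattern, value) }
end

# Note: \Z (capital) would still accept a single trailing newline; \z does not.
{ "^...$" => LINE_ANCHORED, "\\A...\\z" => STRING_ANCHORED }.each do |label, pattern|
  puts "#{label}:"
  report(pattern).each do |name, ok|
    puts format("  %-18s %s", name, ok ? "accepted" : "rejected")
  end
end
```

With the line anchors, every value that has a valid-looking address on any one line is accepted whole, including the text on the other lines; with the string anchors only the single-line address passes.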