
Using user editable image URL in application. Security issues

开发者 https://www.devze.com 2022-12-31 11:53 Source: web
I am writing an application where users are required to show their photo; however, as my server resources are very limited, I cannot let them upload it to the server.


So I have three major questions:

1. How to properly validate a photo URL? At least I can validate it with a regexp; however, I also need to check the file ending:

`validates_format_of :photo_url, :with => URI::regexp(%w(http https))`

2. Security issues? XSS?

Even if I validate the picture at the moment of creation, a hacker can replace the image with malicious stuff at any time.

3. Maybe there are free asset stores with API?


1. How to properly validate photo URL?

You can use a plugin that validates the format of a URL, or write it yourself:

  validates_each :photo_url do |record, attr, value|
    begin
      uri = URI.parse(value.to_s)
      # URI::HTTPS is a subclass of URI::HTTP, so this covers both schemes
      record.errors.add(attr, 'Sorry, you may only use http/https links') unless uri.is_a?(URI::HTTP)
      # check the extension on the path only, not on the whole URL
      record.errors.add(attr, 'The url must point to a picture') unless uri.path =~ /\.(png|jpe?g)\z/i
    rescue URI::InvalidURIError
      record.errors.add(attr, 'The format of the url is not valid')
    end
  end

2. Security issues? XSS?

There aren't any outstanding security issues as long as you escape the text. `<%=h image_tag obj.photo_url %>` is safe. Keep in mind that the user can still use a 100MB image that will slow down every visitor.

3. Maybe there are free asset stores with API?

There aren't any that I know of, but Rackspace Cloud and Amazon S3 hosting are pretty cheap. Some image upload plugins have support for these two, so you'll at least save some time.
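A stand-alone version of the checks from point 1 together with the attribute escaping that point 2 relies on, as an added example that is not part of the original answer. It goes a little beyond the posted validator by requiring a host, rejecting credentials in the URL and checking the extension on the path only; the function names, the messages and the GIF extension are assumptions.

```ruby
require 'uri'
require 'cgi'

# Constructed for this example: which extensions count as a picture.
IMAGE_EXTENSIONS = /\.(png|jpe?g|gif)\z/i

# Returns a list of validation messages; an empty list means the URL is acceptable.
def photo_url_errors(value)
  text = value.to_s.strip
  return ['The url is required'] if text.empty?
  begin
    uri = URI.parse(text)
  rescue URI::InvalidURIError
    return ['The format of the url is not valid']
  end
  # URI::HTTPS is a subclass of URI::HTTP, so this rejects javascript:, data:, ftp: and the like
  return ['Sorry, you may only use http/https links'] unless uri.is_a?(URI::HTTP)

  errors = []
  errors << 'The url must include a host' if uri.host.to_s.empty?
  errors << 'The url must not contain credentials' if uri.userinfo
  # Check the path only, so "?f=.png" in a query string does not pass as a picture
  errors << 'The url must point to a picture' unless uri.path =~ IMAGE_EXTENSIONS
  errors
end

# Rendering side of point 2: the URL is untrusted text placed in an attribute,
# so it is HTML-escaped (as Rails' tag helpers do). Quotes or angle brackets in
# the URL then stay inside the attribute value and cannot add an event handler.
def image_tag_for(url)
  %(<img src="#{CGI.escapeHTML(url)}" alt="photo">)
end
```

A URL that fails the validator is still escaped when rendered, so the two checks are independent layers rather than alternatives.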
