Home/ Questions/Q 829835
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T03:56:42+00:00

I am writing an application where users are required to show their photo, however

  • 0

I am writing an application where users are required to show their photo, however as my server resources are very limited I can not let them upload it to the server.

So I have three major questions:

1. How to properly validate photo URL? At least I can validate with regexp, however I need to check for file ending:

`validates_format_of :photo_url, :with => URI::regexp(%w(http https))`

2. Security issues? XSS?

Even I validate the picture at the moment of creation, hacker can replace image with malicious stuff anytime.

3. Maybe there are free asset stores with API?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    1. How to properly validate photo URL?

    You can use a plugin that validates the format of an URL or write it your self:

      validates_each :photo_url do |record, attr, value|
    begin
      uri = URI::parse(value)
      record.errors.add(nil, 'Sorry, you may only use http/https links') if (uri.class.to_s =~ /URI::HTTPS?/).nil?
      record.errors.add(nil, 'The url must point to a picture') unless value =~ /\.(png|jpg|jpeg)$/i
    rescue URI::InvalidURIError
      record.errors.add(nil, 'The format of the url is not valid')
    end
  end

    2. Security issues? XSS?

    There aren’t any outstanding security issues as long as you escape the text.
    <%=h image_tag obj.photo_url %> is safe.
    Take in mind, that the user can still use a 100MB image that will slow down every visitor.

    3. Maybe there are free asset stores with API?

    There aren’t any that I know of, but rackspace cloud, amazon s3 hosting is pretty cheap.
    Some image upload plugins have support for these two, so you’ll at least save some time.

    • 0