Skip to content

Ruby File Validation

How it works

  1. The file gets uploaded to your server.
  2. Before storing the file on disk, it is being validated on server side.

Jump to Complete Example

File Upload

In the Server Upload article we explain the steps to upload an file on your server. When you insert an file in the rich text editor, you can validate its format. However that check is done only on the filename and not on the mime type. We recommend to make additional checks on server side just to make sure that users don't upload files in bad formats.

Validate Extension

The WYSIWYG editor's Ruby SDK comes with the possibility to check the file extension when it is being stored on the disk. Additional to the file name extension, it is using the mime type of the file for better accuracy.

class UploadController < ActionController::Base

  ...

  def upload_file
    options: {
      fieldname: 'file',
      validation: {
        allowedExts: [".txt", ".pdf", ".doc", ".json", ".html"],
        allowedMimeTypes: [ "text/plain", "application/msword", "application/x-pdf", "application/pdf", "application/json","text/html" ]
      }
    }

    # Upload the file.
    FroalaEditorSDK::File.upload(params, "public/uploads/files/", options)
  end

  ...

end

Custom Validation

You can also pass a custom method instead of validating the extension and mime type. This gives you full control on what types of files you want to store on disk. Below is an example of how to validate if a file is smaller than 10Mb.

class UploadController < ActionController::Base

  ...

  def upload_file
    options: {
       validation: Proc.new do |file, type|
         if File.size(file) > 10 * 1024 * 1024
           raise 'File size exceeded'
         end
       end
     })
    render :json => FroalaEditorSDK::File.upload(params, "public/uploads/files/", options)
  end

  ...

end

Complete Example

<script>
  new FroalaEditor('.selector', {
    // Set the file upload URL.
    fileUploadURL: '/upload_file',

    fileUploadParams: {
      id: 'my_editor'
    }
  })
</script>
class UploadController < ActionController::Base

  ...

  def upload_file
    options = {
      fieldname: 'file',
      validation: {
        allowedExts: [".txt", ".pdf", ".doc", ".json", ".html"],
        allowedMimeTypes: [ "text/plain", "application/msword", "application/x-pdf", "application/pdf", "application/json","text/html" ]
      }
    }

    render :json => FroalaEditorSDK::File.upload(params, "public/uploads/files/")
  end

  ...

end

Do you think we can improve this article? Let us know.