SECURITY: email domain whitelist could be bypassed

lib/validators/email_validator.rb

@@ -22,7 +22,7 @@ class EmailValidator < ActiveModel::EachValidator
 
   def self.email_in_restriction_setting?(setting, value)
     domains = setting.gsub('.', '\.')
-    regexp = Regexp.new("@(.+\\.)?(#{domains})", true)
+    regexp = Regexp.new("@(.+\\.)?(#{domains})$", true)
     value =~ regexp
   end
 

spec/components/validators/email_validator_spec.rb

@@ -40,6 +40,7 @@ describe EmailValidator do
       expect(blocks?('sam@bob.email.com')).to eq(false)
       expect(blocks?('sam@e-mail.com')).to eq(true)
       expect(blocks?('sam@googlemail.com')).to eq(false)
+      expect(blocks?('sam@email.computers.are.evil.com')).to eq(true)
     end
   end