Validating date field
$"); public void doPost(HttpServletRequest request, HttpServletResponse response)
Be aware that any JavaScript input validation performed on the client can be bypassed by an attacker that disables JavaScript or uses a Web Proxy. Ensure that any input validation performed on the client is also performed on the server.
Input validation should be applied at both the syntactic and semantic levels. Syntactic validation should enforce correct syntax of structured fields (e.g.
Detailed information on XSS prevention here: OWASP XSS Prevention Cheat Sheet
Many websites allow users to upload files, such as a profile picture or more.
Many web applications do not treat email addresses correctly due to common misconceptions about what constitutes a valid address.
Input validation can be used to detect unauthorized input before it is processed by the application.
It's also free-form text input that highlights the importance of proper context-aware output encoding and quite clearly demonstrates that input validation is not the primary safeguard against Cross-Site Scripting — if your users want to type apostrophe (') or less-than sign (<)
References: Input validation of free-form Unicode text in Python
Developing regular expressions can be complicated, and is well beyond the scope of this cheat sheet.
There are lots of resources on the internet about how to write regular expressions, including: and the OWASP Validation Regex Repository.
If the input field comes from a fixed set of options, like a drop down list or radio buttons, then the input needs to match exactly one of the values offered to the user in the first place.
Free-form text, especially with Unicode characters, is perceived as difficult to validate due to a relatively large space of characters that need to be whitelisted.
If it's well structured data, like dates, social security numbers, zip codes, e-mail addresses, etc.
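The following server-side sketch is an added example, not code from the cheat sheet. It combines the allow-list check for a fixed set of options with syntactic and then semantic validation of date fields. The form field names, the YYYY-MM-DD format and the 30-day limit are assumptions made for illustration.

```python
import re
from datetime import date

# Assumptions for this example: a booking form with a "room" drop-down and
# two date fields in YYYY-MM-DD; field names and limits are illustrative.
ALLOWED_ROOMS = frozenset({"single", "double", "suite"})  # options offered to the user
ISO_DATE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")  # [0-9], not \d: ASCII digits only
MAX_STAY_DAYS = 30


def parse_date(raw):
    """Syntactic check: exact shape, then a real calendar date. None if invalid."""
    # fullmatch is used because "$" would also accept a trailing newline.
    m = ISO_DATE.fullmatch(raw) if isinstance(raw, str) else None
    if m is None:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # right shape, impossible date (e.g. 2024-02-30)
        return None


def validate_booking(form, today):
    """Return (cleaned, errors); cleaned is None when any check fails."""
    errors = []
    room = form.get("room")
    # Fixed set of options: the value must be exactly one of those offered.
    if not isinstance(room, str) or room not in ALLOWED_ROOMS:
        errors.append("room")
    start, end = parse_date(form.get("start")), parse_date(form.get("end"))
    if start is None:
        errors.append("start")
    if end is None:
        errors.append("end")
    # Semantic checks: well-formed values must also make sense together.
    if start is not None and end is not None:
        if start < today:
            errors.append("start is in the past")
        if not 0 < (end - start).days <= MAX_STAY_DAYS:
            errors.append("stay length")
    if errors:
        return None, errors
    return {"room": room, "start": start, "end": end}, []


# Constructed sample submissions, as a server-side handler would receive them.
TODAY = date(2024, 6, 1)
GOOD = {"room": "double", "start": "2024-06-10", "end": "2024-06-12"}
if __name__ == "__main__":
    print(validate_booking(GOOD, TODAY))
    print(validate_booking({**GOOD, "room": "penthouse", "end": "2024-06-12\n"}, TODAY))
```

The handler should work only with the returned `cleaned` values, never with the raw form strings.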