Confirmed users
491
edits
WebAppSec/Secure Coding Guidelines: Difference between revisions
WebAppSec/Secure Coding Guidelines (view source)
Revision as of 21:34, 1 October 2011
, 1 October 2011→Goal of Input Validation
m (→Contributors: added me) |
|||
| Line 167: | Line 167: | ||
'''Examples of Good Input Validation Approaches''' | '''Examples of Good Input Validation Approaches''' | ||
For each field define the types of acceptable characters and an acceptable number of characters for the input | For each field define the types of acceptable characters and an acceptable number of characters for the input | ||
* Username: Letters, numbers, 3 to 10 characters | * Username: Letters, numbers, certain special characters, 3 to 10 characters | ||
* Firstname: Letters, single apostrophe, 1 to 30 characters | * Firstname: Letters, single apostrophe, dash, 1 to 30 characters | ||
* Simple Zipcode: Numbers, 5 characters | * Simple US Zipcode: Numbers, 5 characters | ||
Note: These are just examples to illustrate the idea of whitelist input validation. You'll need to adjust based on the type of input you expect. | |||
===JavaScript vs Server Side Validation=== | ===JavaScript vs Server Side Validation=== | ||