# Validation
Validation is required to prevent users from inserting arbitrary data into the system.
# Background
# Context
The literature defines two types of input validation: syntactic and semantic validation. The former defines restrictions for the syntax of the given data, like a price in Euro being in the format `123.456,67€`. The latter, on the other hand, is used to validate the data in the context of the application. While `-1,23€` is syntactically correct for a price, an auction website would consider it semantically incorrect if a user tries to bid this amount.
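
The two validation types applied to the auction example above, as an added example that is not part of the original page. The exact price grammar, the integer-cent representation, and the names `parseEuro`, `validateBid`, `currentHighestCents` and `minIncrementCents` are assumptions made for illustration.

```javascript
// Syntactic rule (assumed grammar): optional minus, digits grouped with "."
// as thousands separator, "," followed by exactly two decimals, trailing "€".
const EURO_SYNTAX = /^-?(?:0|[1-9]\d{0,2}(?:\.\d{3})*),\d{2}€$/;

// Syntactic validation: returns the amount in integer cents, or null if the
// input does not match the expected format.
function parseEuro(input) {
  if (typeof input !== 'string' || input.length > 32) return null;
  if (!EURO_SYNTAX.test(input)) return null;
  const negative = input.startsWith('-');
  const digits = input.replace(/[-.,€]/g, ''); // "123.456,67€" -> "12345667"
  const cents = Number(digits);
  if (!Number.isSafeInteger(cents)) return null;
  return negative ? -cents : cents;
}

// Semantic validation: is a well-formed amount acceptable as a bid?
// currentHighestCents and minIncrementCents are hypothetical auction state.
function validateBid(input, currentHighestCents, minIncrementCents = 100) {
  const cents = parseEuro(input);
  if (cents === null) return { ok: false, reason: 'syntax' };
  if (cents <= 0) return { ok: false, reason: 'not-positive' };
  if (cents < currentHighestCents + minIncrementCents) {
    return { ok: false, reason: 'too-low' };
  }
  return { ok: true, cents };
}

// Constructed sample inputs, checked against a current highest bid of 10,00€.
const samples = ['123.456,67€', '-1,23€', '12,5€', '1,23€<script>', '10,50€'];
for (const sample of samples) {
  console.log(sample, validateBid(sample, 1000));
}
```

`-1,23€` passes the syntactic check and is rejected only by the semantic one, while `12,5€` never reaches the semantic check.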
# Problems
- Validation needs to be holistic → only validating some inputs is insufficient!
- Validation has to be correct → Balance between restrictiveness and usability
- Validation patterns can be complicated → Regex used by the HTML `input` element of type `email`: `` /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/ ``
# Technology
# HTML5
Since user input is mostly received through web forms, HTML5 `input` elements can be used to validate this data. Depending on the selected `type` attribute, a different input validation is chosen. A list of the available types in HTML5 can be found here.
# General
In Node.js and Java, a large number of input validators are available, ranging from small, single-validator libraries, through libraries that offer an assortment of out-of-the-box validators, to schema builders.
DANGER
The usage of validators does not guarantee the correct validation of input. The developers themselves are required to enhance security through validation!