# Validation

Validation is required to disallow the user from inserting arbitrary data into the system.

# Background

# Context

The literature defines two types of input validation: Syntactic and semantic validation. The former defines restrictions for the syntax of the given data, like a price in Euro being in the format 123.456,67€. The latter, on the other hand, is used to validate the data in the context of the application. While -1,23€is syntactically correct for a price, an auction website would consider it as semantically incorrect if a user tries to bid this amount.

# Problems

  • Validation needs to be holistic → only validating some inputs is insufficient!
  • Validation has to be correct → Balance between restrictiveness and usability
  • Validation patterns can be complicated → Regex used by HTML input element of type email: /^[a-zA-Z0-9.!#$%&’*+/=?^_‘{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/

# Technology


Since user input is often or mainly received through web forms, HTML5 input elements can be used to validate this data. Depending on the selected type attribute, a different input validation is chosen. A list of the available types in HTML5 can be found here (opens new window).

# General

In Node.js and Java, an immense amount of different input validators is available, ranging from small, single validator libraries to libraries that offer an assortment of out-of-the-box validators to schema builders.


The usage of validators does not guarantee the correct validation of input. The developers themselves are required to enhance security through validation!

Last Updated: 7/3/2022, 3:51:46 PM