# Validation

Validation is required to prevent users from inserting arbitrary data into the system.

# Background

# Context

The literature defines two types of input validation: syntactic and semantic validation. The former defines restrictions on the syntax of the given data, like a price in Euro being in the format 123.456,67€. The latter, on the other hand, validates the data in the context of the application. While -1,23€ is syntactically correct for a price, an auction website would consider it semantically incorrect if a user tried to bid this amount.
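The two checks described above, as an added example for a Node.js backend (not code from the original page). The function names, the 32-character length cap, and the auction rule that a bid must exceed the current highest bid are assumptions; amounts are held as integer cents to avoid floating-point rounding.

```javascript
// Added example: syntactic, then semantic validation of a Euro bid.
// All names and the "must exceed current highest bid" rule are assumptions.

// Syntactic rule: optional minus, digits with optional "." thousands groups,
// "," as decimal separator, exactly two decimals, trailing euro sign.
const EURO_PRICE = /^(-?)(\d{1,3}(?:\.\d{3})+|\d+),(\d{2})€$/;

// Returns the amount in integer cents, or null if the syntax is invalid.
function parseEuroPrice(input) {
  // Reject non-strings and oversized input before running the regex.
  if (typeof input !== 'string' || input.length > 32) return null;
  const m = EURO_PRICE.exec(input);
  if (m === null) return null;
  const euros = Number(m[2].replace(/\./g, ''));
  const cents = euros * 100 + Number(m[3]);
  // Refuse amounts that can no longer be represented exactly.
  if (!Number.isSafeInteger(cents)) return null;
  return m[1] === '-' ? -cents : cents;
}

// Semantic rules depend on application state, here the current highest bid.
function validateBid(input, currentHighestCents) {
  const cents = parseEuroPrice(input);
  if (cents === null) return { ok: false, reason: 'syntax' };
  if (cents <= 0) return { ok: false, reason: 'semantic: not positive' };
  if (cents <= currentHighestCents) {
    return { ok: false, reason: 'semantic: too low' };
  }
  return { ok: true, cents };
}

// Constructed sample inputs, checked against a current highest bid of 5,00€.
for (const bid of ['123.456,67€', '-1,23€', '5,00€', '12.34,00€', '1e3€']) {
  console.log(bid, JSON.stringify(validateBid(bid, 500)));
}
```

The semantic check runs only on a value that already passed the syntactic check, so application logic never sees a string that failed parsing.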

# Problems

  • Validation needs to be holistic → only validating some inputs is insufficient!
  • Validation has to be correct → Balance between restrictiveness and usability
  • Validation patterns can be complicated → Regex used by HTML input element of type email: /^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$/

# Technology

# HTML5

Since user input is mostly received through web forms, HTML5 input elements can be used to validate this data. The validation that is applied depends on the selected type attribute. A list of the available types in HTML5 can be found here.

# General

In Node.js and Java, a large number of input validators are available, ranging from small single-validator libraries, through libraries that offer an assortment of out-of-the-box validators, to schema builders.

DANGER

Using validators does not guarantee that input is validated correctly. The developers themselves are required to enhance security through validation!

Last Updated: 7/3/2022, 3:51:46 PM