Validation is required to prevent users from inserting arbitrary data into the system.
The literature defines two types of input validation: syntactic and semantic validation. The former defines restrictions on the syntax of the given data, like a price in Euro being in the format 123.456,67€. The latter, on the other hand, validates the data in the context of the application. While -1,23€ is syntactically correct for a price, an auction website would consider it semantically incorrect if a user tries to bid this amount.
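The two layers from the auction example, as an added sketch that is not part of the original page. The function names `parseEuro` and `validateBid`, the 32-character length cap and the 50-cent minimum increment are assumptions chosen for illustration.

```javascript
// Added example: syntactic vs. semantic validation of a Euro bid.

// Syntactic rule (assumed notation, as in 123.456,67€): optional minus,
// digits with optional "." thousands groups, "," plus exactly two decimals, then "€".
const EURO_SYNTAX = /^(-?)(0|[1-9]\d{0,2}(?:\.\d{3})*|[1-9]\d*),(\d{2})\s?€$/;

// Syntactic validation: returns the amount in integer cents, or null if the
// string is not a well-formed price. Cents avoid floating-point rounding.
function parseEuro(input) {
  if (typeof input !== "string" || input.length > 32) return null; // bound the input size
  const m = EURO_SYNTAX.exec(input.trim());
  if (!m) return null;
  const [, sign, whole, cents] = m;
  const value = Number(whole.replace(/\./g, "")) * 100 + Number(cents);
  if (!Number.isSafeInteger(value)) return null; // reject amounts we cannot represent exactly
  return sign === "-" ? -value : value;
}

// Semantic validation: the price must also make sense as a bid in this auction.
// minIncrementCents is a hypothetical business rule.
function validateBid(input, currentHighestCents, minIncrementCents = 50) {
  const cents = parseEuro(input);
  if (cents === null) return { ok: false, reason: "syntax" };
  if (cents <= 0) return { ok: false, reason: "not-positive" };
  if (cents < currentHighestCents + minIncrementCents) {
    return { ok: false, reason: "too-low" };
  }
  return { ok: true, cents };
}

// Constructed sample inputs, checked against a current highest bid of 10,00€.
for (const sample of ["123.456,67€", "-1,23€", "10,20€", "12.34,56€", "<script>"]) {
  console.log(sample, validateBid(sample, 1000));
}
```

The check has to run on the server even when the same pattern is enforced in the browser, because the client-side copy can be bypassed.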
- Validation needs to be holistic → only validating some inputs is insufficient!
- Validation has to be correct → Balance between restrictiveness and usability
- Validation patterns can be complicated → Regex used by HTML input element of type email:
Since user input is often, or even mainly, received through web forms, HTML5 input elements can be used to validate this data. Depending on the selected type attribute, a different input validation is applied. A list of the available types in HTML5 can be found here.
In Node.js and Java, a large number of input validators are available, ranging from small, single-validator libraries to libraries that offer an assortment of out-of-the-box validators to schema builders.
The usage of validators does not guarantee the correct validation of input. The developers themselves are required to enhance security through validation!