by kazinator
703 days ago
Of course you should sanitize input, and escape everything properly in the context-specific way. Defining what is valid for an input field and rejecting everything else helps the user catch mistakes. It's not just for security. Some kinds of information are tricky to sanitize: names, addresses and such. Especially in an application or site that has global users. Do the wrong thing and you end up aggravating users, who are not able to input something legitimate. But maybe don't allow, say, a date field to be "la la la" or even "December 47, 2023".
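An added example (not kazinator's code) in Python showing the distinction the comment draws: strict validation for a structured field such as a date, a deliberately permissive check for a free-text field such as a name, and context-specific escaping done separately at output time. The function names and sample inputs are my own, apart from the two date strings quoted in the comment.

```python
import html
import unicodedata
from datetime import datetime
from typing import Optional


def validate_date(value: str) -> Optional[str]:
    """Return an ISO date if `value` is a real calendar date, else None.

    strptime enforces the calendar, so "December 47, 2023" and
    "la la la" both fail, and so does "2023-02-29".
    """
    for fmt in ("%B %d, %Y", "%Y-%m-%d"):
        try:
            return datetime.strptime(value.strip(), fmt).date().isoformat()
        except ValueError:
            continue
    return None


def validate_name(value: str, max_len: int = 200) -> Optional[str]:
    """Permissive check for a free-text field with global users.

    Only normalizes, bounds the length and refuses control characters;
    it does not restrict to ASCII, so "Ñuñez" or "O'Brien" pass.
    Rejecting more than this is how legitimate names get blocked.
    """
    text = unicodedata.normalize("NFC", value.strip())
    if not text or len(text) > max_len:
        return None
    if any(unicodedata.category(ch) == "Cc" for ch in text):
        return None  # embedded control characters (NUL, ESC, ...)
    return text


def render_greeting(name: str) -> str:
    """Escaping is a separate step and specific to the output context.

    Here the context is HTML, so an apostrophe accepted by validate_name
    is still escaped; a SQL or shell context would need its own escaping.
    """
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    # Constructed sample inputs for a quick local run.
    for raw in ("December 25, 2023", "December 47, 2023", "la la la"):
        print(repr(raw), "->", validate_date(raw))
    print(render_greeting(validate_name("O'Brien") or "anonymous"))
```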