Input Validation
Learn how input validation can help mitigate security concerns while also providing a better user experience.
Proactive controls
The OWASP Top Ten Proactive Controls list ranks security techniques that every software development project should implement, and in 2018, input validation ranked number five. OWASP explains that developers should validate all inputs to ensure that only correctly formatted data enters every software system component.
Intentional input types
We should never blindly trust any data provided to us by our users. Using an input element without a type attribute is not a wise thing to do because, if not specified, "text" is used by default, allowing for any character to be entered. Instead, we should always guide the user to input expected characters.
There are 22 different input types that we can choose from, and there are numerous reasons why we should be intentional about setting the right one for every use case.
HTML5 introduced several new input types that help automatically validate user input, including email, tel (telephone), and color. When applicable, the browser will also use the input type to display a context-specific keyboard.
For example, when type is set to email, the browser automatically provides built-in client-side error validation.
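The browser checks described above run on the client, and a request can be sent without going through the form at all, so the server should apply the same rules again. The following is an added example, not code from the original page: a server-side check in JavaScript for the email, tel and color types. The function names, field names, length limits and the tel pattern are assumptions chosen for illustration.

```javascript
// Added example: validateField, validateForm and the field names are hypothetical.
const RULES = new Map([
  // Pattern the HTML Standard gives for type="email".
  ["email", { maxLength: 254, re: /^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/ }],
  // type="tel" enforces no syntax in the browser; this allow-list is an assumption.
  ["tel", { maxLength: 20, re: /^\+?[0-9][0-9 ()-]{5,18}[0-9]$/ }],
  // type="color" submits "#" followed by six hex digits.
  ["color", { maxLength: 7, re: /^#[0-9a-fA-F]{6}$/ }],
]);

// Validate one submitted value against the rule for its declared input type.
function validateField(type, value) {
  const rule = RULES.get(type);
  if (!rule) return { ok: false, reason: "unknown type" };
  // Body parsers can hand back arrays or objects (or nothing) instead of a string.
  if (typeof value !== "string") return { ok: false, reason: "not a string" };
  if (value.length === 0 || value.length > rule.maxLength) {
    return { ok: false, reason: "bad length" };
  }
  if (!rule.re.test(value)) return { ok: false, reason: "bad format" };
  return { ok: true, value };
}

// Validate a parsed request body against a schema of { fieldName: inputType }.
// Only fields named in the schema are copied to `clean`; everything else is dropped.
function validateForm(schema, body) {
  const clean = {};
  const errors = {};
  for (const [name, type] of Object.entries(schema)) {
    const result = validateField(type, body[name]);
    if (result.ok) clean[name] = result.value;
    else errors[name] = result.reason;
  }
  return { ok: Object.keys(errors).length === 0, clean, errors };
}

// Constructed sample: a body posted directly, bypassing the browser's form checks.
const schema = { email: "email", phone: "tel", accent: "color" };
const bypassed = { email: "alice@@example.com", phone: ["5550100"], accent: "red" };
console.log(validateForm(schema, bypassed).errors);
```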