Proactive controls

The OWASP Top Ten Proactive Controls list ranks security techniques that every software development project should implement, and in 2018, input validation ranked number five. OWASP explains that developers should validate all inputs to ensure that only correctly formatted data enters every software system component.

Intentional input types

We should never blindly trust any data that users provide. Leaving the type attribute off an input element is unwise: when no type is specified, the browser defaults to "text", which accepts any character. Instead, we should always guide the user toward the expected characters.

There are 22 different input types that we can choose from, and there are numerous reasons why we should be intentional about setting the right one for every use case.

HTML5 introduced several new input types that help automatically validate user input, including email, tel (telephone), and color. When applicable, the browser will also use the input type to display a context-specific keyboard.

For example, when type is set to email, the browser automatically provides built-in client-side error validation.
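
The same format checks that the email, tel and color input types suggest, repeated in JavaScript on the receiving side so that the data is validated again where it enters the next component. This is an added example, not code from the original page; the field names, the phone-number format and the sample submissions are assumptions.

```javascript
// Added example: server-side checks that mirror the HTML input types.
// Field names and sample submissions are constructed for illustration.

// Pattern the HTML Standard gives for a valid e-mail address (type="email").
const EMAIL_RE = /^[a-zA-Z0-9.!#$%&'*+\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/;
// type="color" submits "#" followed by six hexadecimal digits.
const COLOR_RE = /^#[0-9a-fA-F]{6}$/;
// type="tel" enforces no syntax in the browser, so a format is chosen here
// (assumption: optional "+", then 7 to 15 digits once separators are removed).
const TEL_RE = /^\+?[0-9]{7,15}$/;

const RULES = {
  email: { required: true, maxLength: 254, test: (v) => EMAIL_RE.test(v) },
  phone: { required: false, maxLength: 32,
           test: (v) => TEL_RE.test(v.replace(/[\s().-]/g, "")) },
  favoriteColor: { required: false, maxLength: 7, test: (v) => COLOR_RE.test(v) },
};

// Returns { ok, errors, clean }. Fields without a rule are rejected, not ignored.
function validateSubmission(body) {
  const errors = {};
  const clean = {};
  for (const name of Object.keys(body)) {
    if (!Object.prototype.hasOwnProperty.call(RULES, name)) {
      errors[name] = "unexpected field";
    }
  }
  for (const [name, rule] of Object.entries(RULES)) {
    const value = body[name];
    if (value === undefined || value === "") {
      if (rule.required) errors[name] = "required";
      continue;
    }
    // Repeated parameters often arrive as arrays; only plain strings pass.
    if (typeof value !== "string") { errors[name] = "must be a string"; continue; }
    if (value.length > rule.maxLength) { errors[name] = "too long"; continue; }
    if (!rule.test(value)) { errors[name] = "invalid format"; continue; }
    clean[name] = value;
  }
  return { ok: Object.keys(errors).length === 0, errors, clean };
}

// Constructed submissions: one well-formed, one malformed.
console.log(validateSubmission(
  { email: "alice@example.com", phone: "+1 (555) 010-9999", favoriteColor: "#1a2b3c" }));
console.log(validateSubmission({ email: "alice@", favoriteColor: "red", role: "admin" }));
```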
