Input validation
Whitelisting approach
Regex Validation – Allow only expected characters (e.g., ^[a-zA-Z0-9_-]+$).
Type Casting – Convert strings to integers/dates early.
Risks
SQLi, XSS, command injection
Example (JavaScript - Whitelist):
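// Allow only alphanumeric usernames
// RegExp.test() coerces its argument to a string, so an array such as
// ["admin"] would pass the pattern; require an actual string first.
if (typeof username !== "string" || !/^[a-z0-9]+$/i.test(username)) {
  throw new Error("Invalid input");
}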
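
An added example (not part of the original page) that combines the whitelist pattern listed above with early type casting for integers and dates. The function names, the length limit and the range limits are assumptions chosen for illustration.

```javascript
// Added example: allowlist validation plus early type casting.
const USERNAME_RE = /^[a-zA-Z0-9_-]+$/; // pattern listed on the page

function validateUsername(value, maxLen = 32) { // maxLen is an assumed limit
  // test() stringifies its argument, so check the type before the pattern.
  if (typeof value !== "string") throw new TypeError("username must be a string");
  if (value.length > maxLen || !USERNAME_RE.test(value)) {
    throw new Error("Invalid username");
  }
  return value;
}

function toInt(value, min, max) {
  // parseInt("42abc") returns 42, so validate the whole string before casting.
  if (typeof value !== "string" || !/^-?[0-9]{1,15}$/.test(value)) {
    throw new Error("Invalid integer");
  }
  const n = Number(value);
  if (n < min || n > max) throw new Error("Integer out of range");
  return n;
}

function toDate(value) {
  // Accept only YYYY-MM-DD, then confirm the calendar date round-trips,
  // which rejects impossible dates such as 2025-02-30.
  const m = typeof value === "string" && /^([0-9]{4})-([0-9]{2})-([0-9]{2})$/.exec(value);
  if (!m) throw new Error("Invalid date");
  const [y, mo, d] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const date = new Date(Date.UTC(y, mo - 1, d));
  if (date.getUTCFullYear() !== y || date.getUTCMonth() !== mo - 1 || date.getUTCDate() !== d) {
    throw new Error("Invalid date");
  }
  return date;
}

// Returns true when fn(...args) throws, for checking rejected inputs.
function rejects(fn, ...args) {
  try { fn(...args); return false; } catch { return true; }
}

// Constructed inputs: the first is valid, the rest must be rejected.
console.log(validateUsername("alice_01"), rejects(validateUsername, ["admin"]),
  rejects(toInt, "42abc", 0, 150), rejects(toDate, "2025-02-30"));
```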
Last update: 2025-06-07 06:04