C validating text box

Free-form text, especially with Unicode characters, is perceived as difficult to validate due to a relatively large space of characters that need to be whitelisted.

Specifically, it is completely valid to have a mailbox address which: At the time of writing, RFC 5321 is the current standard defining SMTP and what constitutes a valid mailbox address.

Please note, email addresses should be considered to be public data.

Input validation should not be used as the primary method of preventing XSS, SQL injection and other attacks, which are covered in their respective cheat sheets, but it can significantly contribute to reducing their impact if implemented properly.

Input validation should be applied at both the syntactic and the semantic level.

White list validation involves defining exactly what IS authorized, and by definition, everything else is not authorized.

If it's well structured data, like dates, social security numbers, zip codes, e-mail addresses, etc.

Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.