Input Validation Flashcards
Input Validation
Injection vulnerabilities occur due to insufficient user input validation
Input validation, also known as data validation, is the proper testing of any input supplied by a user or application
Input validation can use either a whitelist or a blacklist
Implementing input validation
There are many ways to implement input validation:
* It can be done on the client side, coded with HTML or handled with pure JavaScript or a specialist JavaScript library such as jQuery.
How do we ensure data input into a web form by a user is of the correct type?
Built-in data fields.
To validate that input is of the type we want or expect, we can use strict data fields when building forms.
* This will help to prevent users from entering the wrong type of data in particular fields.
* A form will not submit until input types are valid.
Validation
* Different validators can be added to a form to validate different values.
* There are lots of built-in validators, and custom validators can be created too.
* Adding the statement if form.validate_on_submit() to a view function handling a form will check all the validators associated with a form.
Custom validators - pattern matching
* Pattern matching is the checking and locating of specific sequences of data of some pattern among raw data or a sequence of tokens.
* Regular programming languages make use of regular expressions (regex) for pattern matching.
* A regular expression is a string of text that allows you to create patterns that must be found within input data in order to validate it.