Regular expression for validating special characters
Data from all potentially untrusted sources should be subject to input validation, including not only Internet-facing web clients but also backend feeds over extranets, from suppliers, partners, vendors or regulators, any of which may itself be compromised and start sending malformed data.
Input validation should not be used as the primary method of preventing XSS, SQL Injection and other attacks, which are covered in their respective cheat sheets, but it can significantly contribute to reducing their impact if implemented properly.
There are lots of resources on the internet about how to write regular expressions, including: and the OWASP Validation Regex Repository.
$"); public void doPost(HttpServletRequest request, HttpServletResponse response)
Be aware that any JavaScript input validation performed on the client can be bypassed by an attacker that disables JavaScript or uses a Web Proxy.
Ensure that any input validation performed on the client is also performed on the server.
SSN, date, currency symbol) while semantic validation should enforce correctness of their values in the specific business context (e.g. start date is before end date, price is within expected range).
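The syntactic and semantic checks described above, combined in one server-side routine, as an added example that is not code from the original page. The class name `BookingValidator`, the field formats and the price limits are assumptions chosen for illustration.

```java
import java.math.BigDecimal;
import java.time.LocalDate;
import java.time.format.DateTimeParseException;
import java.util.regex.Pattern;

// Added example; class name, field formats and price limits are assumptions.
public class BookingValidator {
    // Syntactic allow-lists. matches() must consume the whole string, so any
    // characters before or after the expected format cause a rejection.
    private static final Pattern DATE = Pattern.compile("\\d{4}-\\d{2}-\\d{2}");
    private static final Pattern PRICE = Pattern.compile("\\d{1,6}(\\.\\d{2})?");
    // Semantic limits (assumed business rule).
    private static final BigDecimal MIN_PRICE = new BigDecimal("1.00");
    private static final BigDecimal MAX_PRICE = new BigDecimal("5000.00");

    /** Returns null when the input is acceptable, otherwise the rejection reason. */
    static String validate(String start, String end, String price) {
        if (start == null || end == null || price == null) return "missing field";
        if (!DATE.matcher(start).matches() || !DATE.matcher(end).matches()) return "date syntax";
        if (!PRICE.matcher(price).matches()) return "price syntax";
        LocalDate s, e;
        try {
            // ISO parsing is strict: 2024-02-30 has valid syntax but is not a real date.
            s = LocalDate.parse(start);
            e = LocalDate.parse(end);
        } catch (DateTimeParseException ex) {
            return "not a calendar date";
        }
        // Semantic checks: values must make sense in the business context.
        if (!s.isBefore(e)) return "start date must be before end date";
        BigDecimal p = new BigDecimal(price);
        if (p.compareTo(MIN_PRICE) < 0 || p.compareTo(MAX_PRICE) > 0) return "price out of range";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {start, end, price}.
        String[][] samples = {
            {"2024-05-01", "2024-05-03", "120.00"},
            {"2024-05-03", "2024-05-01", "120.00"},
            {"2024-02-30", "2024-03-01", "120.00"},
            {"2024-05-01", "2024-05-03", "120.00<script>"},
            {"2024-05-01", "2024-05-03", "9999.00"},
        };
        for (String[] in : samples) {
            String reason = validate(in[0], in[1], in[2]);
            System.out.println(String.join(", ", in) + " -> " + (reason == null ? "accepted" : reason));
        }
    }
}
```

In a servlet, the three strings would come from `request.getParameter(...)` inside `doPost`, so the same checks run on the server regardless of what the client-side script did.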