[{"data":1,"prerenderedAt":456},["ShallowReactive",2],{"term-i\u002Finput-validation":3,"related-i\u002Finput-validation":436},{"id":4,"title":5,"acronym":6,"body":7,"category":416,"description":417,"difficulty":418,"extension":419,"letter":420,"meta":421,"navigation":81,"path":422,"related":423,"seo":430,"sitemap":431,"stem":434,"subcategory":6,"__hash__":435},"terms\u002Fterms\u002Fi\u002Finput-validation.md","Input Validation",null,{"type":8,"value":9,"toc":410},"minimark",[10,15,19,23,26,30,399,403,406],[11,12,14],"h2",{"id":13},"eli5-the-vibe-check","ELI5 — The Vibe Check",[16,17,18],"p",{},"Input validation is checking that user input is what you expect before using it. If a field should be an email address, reject anything that isn't an email. If a field should be a number between 1 and 100, reject everything else. Never trust user input — validate it at every entry point.",[11,20,22],{"id":21},"real-talk","Real Talk",[16,24,25],{},"Input validation verifies that data conforms to expected format, type, length, and range constraints before processing. It should occur on both client and server sides: client-side checks improve usability but can be bypassed, so the server-side check is the one that must be enforced. 
Validation libraries like Zod, Joi, and Yup provide schema-based validation with detailed error messages.",[11,27,29],{"id":28},"show-me-the-code","Show Me The Code",[31,32,37],"pre",{"className":33,"code":34,"language":35,"meta":36,"style":36},"language-javascript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","import { z } from 'zod';\n\nconst UserSchema = z.object({\n  email: z.string().email().max(255),\n  age: z.number().int().min(18).max(120),\n  username: z.string().min(3).max(30).regex(\u002F^[a-zA-Z0-9_]+$\u002F),\n});\n\nconst result = UserSchema.safeParse(req.body);\nif (!result.success) {\n  return res.status(400).json({ errors: result.error.issues });\n}\n","javascript","",[38,39,40,76,83,111,155,204,273,283,288,316,338,393],"code",{"__ignoreMap":36},[41,42,45,49,53,57,60,63,66,70,73],"span",{"class":43,"line":44},"line",1,[41,46,48],{"class":47},"s7zQu","import",[41,50,52],{"class":51},"sMK4o"," {",[41,54,56],{"class":55},"sTEyZ"," z",[41,58,59],{"class":51}," }",[41,61,62],{"class":47}," from",[41,64,65],{"class":51}," '",[41,67,69],{"class":68},"sfazB","zod",[41,71,72],{"class":51},"'",[41,74,75],{"class":51},";\n",[41,77,79],{"class":43,"line":78},2,[41,80,82],{"emptyLinePlaceholder":81},true,"\n",[41,84,86,90,93,96,98,101,105,108],{"class":43,"line":85},3,[41,87,89],{"class":88},"spNyl","const",[41,91,92],{"class":55}," UserSchema ",[41,94,95],{"class":51},"=",[41,97,56],{"class":55},[41,99,100],{"class":51},".",[41,102,104],{"class":103},"s2Zo4","object",[41,106,107],{"class":55},"(",[41,109,110],{"class":51},"{\n",[41,112,114,118,121,123,125,128,131,133,136,138,140,143,145,149,152],{"class":43,"line":113},4,[41,115,117],{"class":116},"swJcz","  
email",[41,119,120],{"class":51},":",[41,122,56],{"class":55},[41,124,100],{"class":51},[41,126,127],{"class":103},"string",[41,129,130],{"class":55},"()",[41,132,100],{"class":51},[41,134,135],{"class":103},"email",[41,137,130],{"class":55},[41,139,100],{"class":51},[41,141,142],{"class":103},"max",[41,144,107],{"class":55},[41,146,148],{"class":147},"sbssI","255",[41,150,151],{"class":55},")",[41,153,154],{"class":51},",\n",[41,156,158,161,163,165,167,170,172,174,177,179,181,184,186,189,191,193,195,197,200,202],{"class":43,"line":157},5,[41,159,160],{"class":116},"  age",[41,162,120],{"class":51},[41,164,56],{"class":55},[41,166,100],{"class":51},[41,168,169],{"class":103},"number",[41,171,130],{"class":55},[41,173,100],{"class":51},[41,175,176],{"class":103},"int",[41,178,130],{"class":55},[41,180,100],{"class":51},[41,182,183],{"class":103},"min",[41,185,107],{"class":55},[41,187,188],{"class":147},"18",[41,190,151],{"class":55},[41,192,100],{"class":51},[41,194,142],{"class":103},[41,196,107],{"class":55},[41,198,199],{"class":147},"120",[41,201,151],{"class":55},[41,203,154],{"class":51},[41,205,207,210,212,214,216,218,220,222,224,226,229,231,233,235,237,240,242,244,247,249,252,255,258,261,264,267,269,271],{"class":43,"line":206},6,[41,208,209],{"class":116},"  
username",[41,211,120],{"class":51},[41,213,56],{"class":55},[41,215,100],{"class":51},[41,217,127],{"class":103},[41,219,130],{"class":55},[41,221,100],{"class":51},[41,223,183],{"class":103},[41,225,107],{"class":55},[41,227,228],{"class":147},"3",[41,230,151],{"class":55},[41,232,100],{"class":51},[41,234,142],{"class":103},[41,236,107],{"class":55},[41,238,239],{"class":147},"30",[41,241,151],{"class":55},[41,243,100],{"class":51},[41,245,246],{"class":103},"regex",[41,248,107],{"class":55},[41,250,251],{"class":51},"\u002F",[41,253,254],{"class":47},"^",[41,256,257],{"class":51},"[",[41,259,260],{"class":68},"a-zA-Z0-9_",[41,262,263],{"class":51},"]+",[41,265,266],{"class":47},"$",[41,268,251],{"class":51},[41,270,151],{"class":55},[41,272,154],{"class":51},[41,274,276,279,281],{"class":43,"line":275},7,[41,277,278],{"class":51},"}",[41,280,151],{"class":55},[41,282,75],{"class":51},[41,284,286],{"class":43,"line":285},8,[41,287,82],{"emptyLinePlaceholder":81},[41,289,291,293,296,298,301,303,306,309,311,314],{"class":43,"line":290},9,[41,292,89],{"class":88},[41,294,295],{"class":55}," result ",[41,297,95],{"class":51},[41,299,300],{"class":55}," UserSchema",[41,302,100],{"class":51},[41,304,305],{"class":103},"safeParse",[41,307,308],{"class":55},"(req",[41,310,100],{"class":51},[41,312,313],{"class":55},"body)",[41,315,75],{"class":51},[41,317,319,322,325,328,331,333,336],{"class":43,"line":318},10,[41,320,321],{"class":47},"if",[41,323,324],{"class":55}," (",[41,326,327],{"class":51},"!",[41,329,330],{"class":55},"result",[41,332,100],{"class":51},[41,334,335],{"class":55},"success) ",[41,337,110],{"class":51},[41,339,341,344,347,349,352,354,357,359,361,364,366,369,372,374,377,379,382,384,387,389,391],{"class":43,"line":340},11,[41,342,343],{"class":47},"  return",[41,345,346],{"class":55}," 
res",[41,348,100],{"class":51},[41,350,351],{"class":103},"status",[41,353,107],{"class":116},[41,355,356],{"class":147},"400",[41,358,151],{"class":116},[41,360,100],{"class":51},[41,362,363],{"class":103},"json",[41,365,107],{"class":116},[41,367,368],{"class":51},"{",[41,370,371],{"class":116}," errors",[41,373,120],{"class":51},[41,375,376],{"class":55}," result",[41,378,100],{"class":51},[41,380,381],{"class":55},"error",[41,383,100],{"class":51},[41,385,386],{"class":55},"issues",[41,388,59],{"class":51},[41,390,151],{"class":116},[41,392,75],{"class":51},[41,394,396],{"class":43,"line":395},12,[41,397,398],{"class":51},"}\n",[11,400,402],{"id":401},"when-youll-hear-this","When You'll Hear This",[16,404,405],{},"\"Add server-side input validation — client-side can be bypassed.\" \u002F \"The API rejected the request due to failed input validation.\"",[407,408,409],"style",{},"html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html pre.shiki code .sbssI, html code.shiki .sbssI{--shiki-light:#F76D47;--shiki-default:#F78C6C;--shiki-dark:#F78C6C}html .light .shiki span {color: var(--shiki-light);background: 
var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":36,"searchDepth":78,"depth":78,"links":411},[412,413,414,415],{"id":13,"depth":78,"text":14},{"id":21,"depth":78,"text":22},{"id":28,"depth":78,"text":29},{"id":401,"depth":78,"text":402},"security","Input validation is checking that user input is what you expect before using it.","beginner","md","i",{},"\u002Fterms\u002Fi\u002Finput-validation",[424,425,426,427,428,429],"Sanitization","Escape","Encoding","SQL Injection","XSS","OWASP Top 
10",{"title":5,"description":417},{"changefreq":432,"priority":433},"weekly",0.7,"terms\u002Fi\u002Finput-validation","_2Ht5bFTrZOXJ0U7xG83dMSnSSrR_rv2ruI4Sh6wENk",[437,440,443,446,449,453],{"title":426,"path":438,"acronym":6,"category":416,"difficulty":418,"description":439},"\u002Fterms\u002Fe\u002Fencoding","Encoding is converting data into a different format for safe transport or storage — not for security, but to prevent misinterpretation.",{"title":425,"path":441,"acronym":6,"category":416,"difficulty":418,"description":442},"\u002Fterms\u002Fe\u002Fescape","Escaping means converting special characters into their safe equivalents before putting them in HTML, SQL, or a shell command.",{"title":429,"path":444,"acronym":6,"category":416,"difficulty":418,"description":445},"\u002Fterms\u002Fo\u002Fowasp-top-10","The OWASP Top 10 is the security industry's greatest hits of web vulnerabilities — the 10 most common, dangerous ways apps get hacked.",{"title":424,"path":447,"acronym":6,"category":416,"difficulty":418,"description":448},"\u002Fterms\u002Fs\u002Fsanitization","Sanitization is cleaning up user input before using it — stripping out anything dangerous like script tags or SQL commands.",{"title":427,"path":450,"acronym":6,"category":416,"difficulty":451,"description":452},"\u002Fterms\u002Fs\u002Fsql-injection","intermediate","SQL injection is when a hacker types SQL code into a text field instead of normal text, and your stupid database runs it.",{"title":428,"path":454,"acronym":428,"category":416,"difficulty":451,"description":455},"\u002Fterms\u002Fx\u002Fxss","XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.",1776518288948]