input-sanitisation
Input Sanitisation - Injection Prevention Patterns
Defence-in-depth patterns preventing injection attacks across the full stack. Complements data-validation (which checks shape/type) by ensuring data is safe for its destination context (HTML, SQL, shell, URL).
Description
Covers XSS, SQL injection, command injection, URL redirect, and SSRF prevention patterns for the Next.js frontend and FastAPI backend. Enforces output encoding, parameterised queries, and safe subprocess handling aligned with OWASP Top 10 guidelines.
When to Apply
Positive Triggers
- Rendering user-generated content in HTML
- Constructing database queries with user input
- Building shell commands or subprocess calls
- Handling URL parameters or redirect targets
- Reviewing code for OWASP Top 10 vulnerabilities
- User mentions: "XSS", "injection", "sanitise", "security", "escape", "OWASP"
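The four destination contexts the skill names (HTML, SQL, shell, URL) each need a different, context-specific treatment; escaping for one context does nothing for another. The following is an added example, not code from the unite-hub project, showing one defensive pattern per context in Python (the backend side of the stack this skill targets). The allow-list `ALLOWED_REDIRECT_HOSTS`, the in-memory `users` table, the `resolver` hook and the sample values are all constructed here for illustration.

```python
import html
import ipaddress
import socket
import sqlite3
import subprocess
import sys
from urllib.parse import urlsplit

# Hypothetical allow-list of hosts an absolute redirect may point at (assumption).
ALLOWED_REDIRECT_HOSTS = {"app.example.test"}


def encode_for_html(value: str) -> str:
    """HTML context: escape &, <, >, \" and ' so text can never close a tag or attribute."""
    return html.escape(value, quote=True)


def find_users_by_name(conn: sqlite3.Connection, name: str) -> list[tuple[int, str]]:
    """SQL context: the value travels as a bound parameter, never as part of the SQL text."""
    cur = conn.execute("SELECT id, name FROM users WHERE name = ?", (name,))
    return cur.fetchall()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table so the parameterised query above runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


def count_lines_safely(untrusted_text: str) -> int:
    """Shell context: argv list with shell=False; untrusted data goes to stdin, never into the command."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(len(sys.stdin.read().splitlines()))"],
        input=untrusted_text,
        capture_output=True,
        text=True,
        check=True,
    )
    return int(result.stdout.strip())


def safe_redirect_target(target: str, default: str = "/") -> str:
    """URL context: accept only a same-site relative path or an allow-listed https host."""
    if "\\" in target or "\r" in target or "\n" in target:
        return default  # browsers may read backslash as slash; CR/LF could split headers
    parts = urlsplit(target)
    # "/path" is fine; "//host/path" is scheme-relative and would leave the site.
    if not parts.scheme and not parts.netloc and target.startswith("/") and not target.startswith("//"):
        return target
    if parts.scheme == "https" and parts.hostname in ALLOWED_REDIRECT_HOSTS:
        return target
    return default


def _resolve(host: str) -> list[str]:
    """Default resolver (assumption: DNS is reachable); tests may inject a fake one."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_http_url(url: str, resolver=_resolve) -> bool:
    """SSRF guard: http(s) only, and every address the host maps to must be globally routable."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return False
    try:
        addresses = [str(ipaddress.ip_address(host))]  # literal IP, no lookup needed
    except ValueError:
        try:
            addresses = resolver(host)
        except socket.gaierror:
            return False
    try:
        # is_global is False for loopback, private, link-local and other reserved ranges.
        return bool(addresses) and all(ipaddress.ip_address(a).is_global for a in addresses)
    except ValueError:
        return False  # unparsable address (e.g. scoped IPv6): treat as not public
```

`is_public_http_url` checks the resolved addresses at validation time; the HTTP client that later opens the connection should reuse those addresses rather than resolving again, otherwise a second lookup can return a different answer. `safe_redirect_target` is deliberately an allow-list, so anything it does not recognise falls back to `default` instead of being "cleaned up".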
More from cleanexpo/unite-hub
- tdd: Use when implementing any feature or bug fix. Hard gate — no production code without a failing test first. Applies to vitest (apps/web/) and pytest (apps/backend/). Triggers on "implement", "add feature", "fix bug", "new component", "new endpoint", or any code-writing task.
- idea-to-production: Plain-English pipeline from idea to production — routes user requests to the right phase and agent
- oauth-flow: OAuth 2.0 and OIDC integration with PKCE, Supabase Auth providers, and redirect URI validation
- health-check
- csv-processor
- vector-search