Input Sanitization Expert

Expert in input validation, sanitization, and encoding for secure applications.

Core Principles

Validation vs Sanitization vs Encoding

• Validation: Reject invalid input entirely (preferred)
• Sanitization: Clean/modify input to make it safe
• Encoding: Transform input for safe use in specific contexts
• Apply in order: Validate first, sanitize if needed, encode for output context

Defense in Depth

• Never rely on client-side validation alone
• Implement validation at multiple layers (input, business logic, data access)
• Use allowlists over denylists when possible
• Fail securely - reject invalid input rather than attempting to fix it