input-validation
Installation
SKILL.md
Input Validation Skill
Purpose
Defines input validation and sanitization patterns for preventing security vulnerabilities and ensuring data integrity.
Core Principles
- Validate all input — Never trust user-supplied data
- Allowlist over denylist — Define what IS allowed
- Validate on server-side — Client-side validation is UX only
- Encode output — Context-appropriate encoding
- Fail securely — Reject invalid input with safe defaults
HTML/Static Site Validation
- Sanitize any user-generated content before rendering
- Use
textContentinstead ofinnerHTMLwhen possible - Escape HTML entities (
&,<,>,",') - Validate URL inputs (protocol allowlist: https only)
- Use Content Security Policy (CSP) headers