IDS01-J. Normalize strings before validating them - SEI CERT Oracle Coding Standard for Java

Many applications that accept untrusted input strings employ input filtering and validation mechanisms based on the strings' character data. For example, an application's strategy for avoiding cross-site scripting (XSS) vulnerabilities may include forbidding
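The following is an added illustration of the rule's point, not code from the CERT standard itself; it assumes a filter policy that rejects any input containing the ASCII angle brackets `<` and `>`. Validating before normalization lets a compatibility-equivalent character slip through and then turn into the forbidden character once the string is normalized; normalizing first closes that gap.

```java
import java.text.Normalizer;
import java.text.Normalizer.Form;
import java.util.regex.Pattern;

public class NormalizeBeforeValidate {
    // Assumed filter policy: reject strings containing ASCII angle brackets.
    private static final Pattern ANGLE_BRACKETS = Pattern.compile("[<>]");

    // Noncompliant: the raw input is validated first and normalized afterwards,
    // so a character that NFKC maps onto '<' or '>' passes the check.
    public static String validateThenNormalize(String input) {
        if (ANGLE_BRACKETS.matcher(input).find()) {
            throw new IllegalArgumentException("angle brackets are not allowed");
        }
        return Normalizer.normalize(input, Form.NFKC);
    }

    // Compliant: normalize to NFKC first, then validate the normalized form,
    // which is also the form that must be used from here on.
    public static String normalizeThenValidate(String input) {
        String normalized = Normalizer.normalize(input, Form.NFKC);
        if (ANGLE_BRACKETS.matcher(normalized).find()) {
            throw new IllegalArgumentException("angle brackets are not allowed");
        }
        return normalized;
    }

    public static void main(String[] args) {
        // Constructed input: U+FF1C and U+FF1E are the fullwidth forms of '<' and '>';
        // NFKC folds them to the ASCII characters U+003C and U+003E.
        String input = "\uFF1Cscript\uFF1E";

        // The noncompliant order accepts the input and hands back a string
        // containing ASCII '<' and '>' that the filter was meant to reject.
        String leaked = validateThenNormalize(input);
        System.out.println("validate-then-normalize returned: " + leaked);

        // The compliant order sees the ASCII brackets and rejects the input.
        try {
            normalizeThenValidate(input);
            System.out.println("normalize-then-validate accepted the input");
        } catch (IllegalArgumentException e) {
            System.out.println("normalize-then-validate rejected it: " + e.getMessage());
        }
    }
}
```

Whatever normalization form the application settles on (NFKC here, as an assumption), the validated string and the string used afterwards must be the same normalized value.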