
Input Validation & Sanitization

Input validation with Zod and Pydantic, preventing SQL injection, XSS, command injection, and sanitization patterns for secure applications.

Difficulty: intermediate
Read time: 1 min read
Version: v1.0.0
Confidence: established
Quick Reference

Validate ALL user input at system boundaries; anything that crosses a trust boundary is untrusted until it has passed a schema. Use Zod (TypeScript) or Pydantic (Python) for schema validation, and reject unknown fields rather than silently ignoring them. Use parameterized queries for SQL; never build a statement by string concatenation. Escape HTML output for the context it lands in: React escapes text rendered in JSX by default, but not content passed through dangerouslySetInnerHTML or URLs placed in href/src attributes. Use allowlists (what is permitted) over blocklists (what is forbidden). Validate file uploads by content (leading magic bytes, size limits), not by extension or by the client-supplied Content-Type. Never pass untrusted input to a shell; invoke programs with an argument list.
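A worked instance of the schema-first pattern described above, added here as an example; it is not code from the page or from Pydantic's own documentation. It assumes Pydantic v2 is installed. The model names, field constraints, magic-byte table and sample payloads are all constructed for illustration. The block covers three of the Quick Reference items at once: schema validation with unknown fields rejected, allowlists (the `role` and `content_type` fields are `Literal` allowlists), and checking an upload by its content rather than by its extension or declared type.

```python
"""Schema validation at an API boundary with Pydantic v2 (added example).

Assumes `pip install pydantic` (v2.x). Model names, constraints, the magic-byte
table and the sample payloads below are hypothetical, constructed for illustration.
"""
from typing import Literal

from pydantic import BaseModel, ConfigDict, Field, ValidationError, model_validator


class CreateUser(BaseModel):
    # extra="forbid": unknown keys are an error, so a client cannot smuggle in
    # fields the handler never meant to accept (e.g. is_admin).
    model_config = ConfigDict(extra="forbid", str_strip_whitespace=True)

    username: str = Field(min_length=3, max_length=32, pattern=r"^[a-z0-9_]+$")
    # Allowlist: only these two roles may be requested; "admin" is not user-settable.
    role: Literal["viewer", "editor"]
    age: int = Field(ge=13, le=130)


# Leading bytes that a file of each permitted type must start with.
MAGIC_BYTES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024


class UploadRequest(BaseModel):
    model_config = ConfigDict(extra="forbid")

    # One name segment, one extension: no path separators and no "..".
    filename: str = Field(max_length=255, pattern=r"^[A-Za-z0-9_-]+\.[a-z0-9]+$")
    content_type: Literal["image/png", "image/jpeg"]
    data: bytes = Field(min_length=8, max_length=MAX_UPLOAD_BYTES)

    @model_validator(mode="after")
    def content_matches_declared_type(self) -> "UploadRequest":
        # Decide by what the bytes are, not by the extension or the declared type.
        if not self.data.startswith(MAGIC_BYTES[self.content_type]):
            raise ValueError(f"content does not look like {self.content_type}")
        return self


def validate_or_reject(model: type, payload: dict) -> tuple:
    """Return (instance, []) on success or (None, [error strings]) on failure.

    Errors are flattened to "field: message" so a handler can return them in a
    400 response; the rejected input itself is not echoed back.
    """
    try:
        return model.model_validate(payload), []
    except ValidationError as exc:
        messages = []
        for err in exc.errors():
            loc = ".".join(str(part) for part in err["loc"]) or "<root>"
            messages.append(f"{loc}: {err['msg']}")
        return None, messages


# Constructed sample payloads.
GOOD_USER = {"username": "alice_01", "role": "viewer", "age": 30}
BAD_USER = {"username": "alice'; DROP TABLE users;--", "role": "admin", "age": 30, "is_admin": True}
GOOD_UPLOAD = {"filename": "cat.png", "content_type": "image/png",
               "data": MAGIC_BYTES["image/png"] + b"\x00" * 16}
BAD_UPLOAD = {"filename": "cat.png", "content_type": "image/png",
              "data": b"<?php system($_GET['c']); ?>"}

if __name__ == "__main__":
    for model, payload in [(CreateUser, GOOD_USER), (CreateUser, BAD_USER),
                           (UploadRequest, GOOD_UPLOAD), (UploadRequest, BAD_UPLOAD)]:
        instance, errors = validate_or_reject(model, payload)
        print(model.__name__, "accepted" if instance else "rejected", errors)
```

The rejected `BAD_USER` payload produces three independent errors (bad username characters, a role outside the allowlist, and the forbidden extra field), which is the behaviour you want from a boundary validator: it reports everything wrong with the request rather than stopping at the first problem. The bad upload passes every field check and is only caught by the content check, which is the point of validating by bytes rather than by name.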

Use When

  • Handling user input in forms
  • Processing API request data
  • Building database queries
  • Rendering user-generated content

Skip When

  • Internal service-to-service calls whose data never originated from an untrusted source (data that entered through a user-facing boundary is still untrusted downstream, even when it arrives from another internal service)
  • Static content without user input

Tags

validation sanitization injection xss security
