Is it safe to display user input as input values without sanitation?

Posted by Svish on Stack Overflow See other posts from Stack Overflow or by Svish
Published on 2010-03-16T10:06:32Z Indexed on 2010/03/16 10:16 UTC
Read the original article Hit count: 237

Filed under:
|
|
|

Say we have a form where the user types in various info. We validate the info, and find that something is wrong. A field is missing, invalid email, et cetera.

When displaying the form to the user again I of course don't want him to have to type in everything again so I want to populate the input fields. Is it safe to do this without sanitation? If not, what is the minimum sanitation that should be done first?

And to clearify: It would of course be sanitized before being for example added to a database or displayed elsewhere on the site.

© Stack Overflow or respective owner

Related posts about html

Related posts about user-input