Is it safe to display user input as input values without sanitation?

Posted by Svish on Stack Overflow See other posts from Stack Overflow or by Svish
Published on 2010-03-16T10:06:32Z Indexed on 2010/03/16 10:16 UTC
Read the original article Hit count: 237

Filed under:

html

|

user-input

|

sanitation

|

security

Say we have a form where the user types in various info. We validate the info, and find that something is wrong. A field is missing, invalid email, et cetera.

When displaying the form to the user again I of course don't want him to have to type in everything again so I want to populate the input fields. Is it safe to do this without sanitation? If not, what is the minimum sanitation that should be done first?

And to clearify: It would of course be sanitized before being for example added to a database or displayed elsewhere on the site.

© Stack Overflow or respective owner

Related posts about html

Install usblib package - Ubuntu

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I need the package libusb for another package I am installing. I tried the following which seemed to install the package, sudo apt-get install libusb-dev but when I try to install the other package I get, configure: error: Package requirements (libusb-1.0 >= 0.9.1) were not met: No package… >>> More
Prevent malicious vulnerability scan increasing load on a server

as seen on Server Fault - Search for 'Server Fault'
Hi all, this week we have been suffering some malicious vulnerability scans to our servers, increasing the load on them, making them nearly unusable. The attack is easy to defend, just blocking the offending ip, but only after discovering it. Is there any form of prevent it? Is it normal that… >>> More
can't install psycopg2 in my env on mac os x lion

as seen on Server Fault - Search for 'Server Fault'
I tried install psycopg2 via pip in my virtual env, but got this error: ld: library not found for -lpq (full log here: http://pastebin.com/XdmGyJ4u ) I tried install postgres 9.1 from .dmg and via port, (gksks)iMac-Alexander:~ lorddaedra$ locate libpq /Developer/SDKs/MacOSX10.7.sdk/usr/include/libpq /Developer/SDKs/MacOSX10… >>> More
Bitnami redmine error SVN

as seen on Server Fault - Search for 'Server Fault'
I'm installing the Bitnami Redmine stack (redmine + subversion). Firstly I install configure and test it locally (Ubuntu 14.04 LTS). And everything is OK. I install Bitnami stack on server (Red Hat 4.4.7-4) and configure SVN. I commit files into SVN and connect project into Redmine with SVN repository… >>> More
Can the .htaccess file slow down a website to a crawl? If so, are there better ways to solve these problems with different rewrite rules and such?

as seen on Pro Webmasters - Search for 'Pro Webmasters'
here is my htaccess file...... RewriteCond %{REQUEST_URI} ^/patients/billing/FAQ_billing\.html$ [OR] RewriteCond %{REQUEST_URI} ^/patients/billing/getintouch\.html$ RewriteRule ^patients/billing/(.*)\.html$ $1.php [L,NC] RewriteCond %{REQUEST_URI} ^/patients/findadoctor/a\.html$ [OR] RewriteCond… >>> More

Related posts about user-input

Call methods in main method

as seen on Stack Overflow - Search for 'Stack Overflow'
this is my main method that gets 3 integers from command line and I parse then in my validating method. However I have one operation method that calls 3 other methods, but i don't know what type of data and howmany I have to put in my operatinMethod() " cuase switch only gets one); AND also in my… >>> More
QTableWidget signal cellChanged(): distinguish between user input and change by routines

as seen on Stack Overflow - Search for 'Stack Overflow'
i am using PyQt but my question is a general Qt one: I have a QTableWidget that is set up by the function updateTable. It writes the data from DATASET to the table when it is called. Unfortunately this causes my QTableWidget to emit the signal cellChanged() for every cell. The signal cellChanged()… >>> More
Printing Stdout In Command Line App Without Overwriting Pending User Input

as seen on Stack Overflow - Search for 'Stack Overflow'
In a basic Unix-shell app, how would you print to stdout without disturbing any pending user input. e.g. Below is a simple Python app that echos user input. A thread running in the background prints a counter every 1 second. import threading, time class MyThread( threading.Thread ): running… >>> More
Script stops while waiting for user input from STDIN.gets

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm trying to do something like this, where I have two loops going in seperate threads. The problem I am having is that in the main thread, when I use gets and the script is waiting for user input, the other thread is stopped to wait as well. class Server def initialize() @server = TCPServer… >>> More
QTableWidget signal cellChanged(): distinguish between user input and chage by routines

as seen on Stack Overflow - Search for 'Stack Overflow'
i am using PyQt but my question is a general Qt one: I have a QTableWidget that is set up by the function updateTable. It writes the data from DATASET to the table when it is called. Unfortunately this causes my QTableWidget to emit the signal cellChanged() for every cell. The signal cellChanged()… >>> More