Is it safe to display user input as input values without sanitation?
Posted by Svish on Stack Overflow
Published on 2010-03-16T10:06:32Z
Say we have a form where the user types in various info. We validate the info, and find that something is wrong. A field is missing, invalid email, et cetera.
When displaying the form to the user again, I of course don't want him to have to type in everything again, so I want to populate the input fields. Is it safe to do this without sanitation? If not, what is the minimum sanitation that should be done first?
And to clarify: it would of course be sanitized before being, for example, added to a database or displayed elsewhere on the site.
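The form-redisplay case asked about above, as an added example that is not part of the original post: a submitted value is written back into an `<input value="...">` attribute with and without HTML escaping, then parsed again to show which value survives. The question names no language, so Python is an assumption here, as are the function names and the constructed sample input; `html.parser` stands in for a browser's tokenizer.

```python
import html
from html.parser import HTMLParser

# Constructed sample input: a name a user might legitimately type.
SUBMITTED_NAME = 'Anna "Ann" O\'Neil <R&D>'

TEMPLATE = '<input type="text" name="name" value="%s">'


def render_unescaped(value):
    """Raw value dropped into the attribute: the first " ends it early."""
    return TEMPLATE % value


def render_escaped(value):
    """Escape & < > " ' so the value stays inside the quoted attribute."""
    return TEMPLATE % html.escape(value, quote=True)


class _FirstInput(HTMLParser):
    """Captures the attributes of the first <input> start tag."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def parsed_value(markup):
    """Return the value attribute an HTML parser recovers, or None."""
    parser = _FirstInput()
    parser.feed(markup)
    parser.close()
    return (parser.attrs or {}).get("value")


if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        markup = render(SUBMITTED_NAME)
        print(render.__name__, "->", markup)
        print("  parser sees value =", repr(parsed_value(markup)))
```

Only the escaped rendering round-trips the user's text intact; in the unescaped one the attribute ends at the first double quote and the rest of the input is interpreted as markup.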
© Stack Overflow or respective owner