Is it safe to display user input as input values without sanitation?
- by Svish
Say we have a form where the user types in various info. We validate the info, and find that something is wrong. A field is missing, invalid email, et cetera.
When displaying the form to the user again, I of course don't want him to have to type in everything again, so I want to populate the input fields. Is it safe to do this without sanitation? If not, what is the minimum sanitation that should be done first?
And to clarify: It would of course be sanitized before being, for example, added to a database or displayed elsewhere on the site.
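
An added example, not part of the original post: the form redisplay described above, rendered once with the submitted value placed raw into the `value` attribute and once with it escaped for the HTML attribute context, then parsed back to show what each field actually holds. The field name, the sample value and the helper names are assumptions made up for the illustration.

```python
from html import escape
from html.parser import HTMLParser


def render_unescaped(name, value):
    # Weak form: the submitted value is dropped into the attribute as-is.
    return '<input type="text" name="%s" value="%s">' % (name, value)


def render_escaped(name, value):
    # Corrected form: escape &, <, >, " and ' for the HTML attribute context.
    return '<input type="text" name="%s" value="%s">' % (
        escape(name, quote=True), escape(value, quote=True))


class _InputCollector(HTMLParser):
    """Records the attributes of every <input> tag as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.inputs.append(attrs)


def parsed_inputs(markup):
    # Returns one list of (attribute, value) pairs per <input> in the markup.
    collector = _InputCollector()
    collector.feed(markup)
    collector.close()
    return collector.inputs


# Constructed sample: a harmless value that happens to contain double quotes.
SUBMITTED = 'Bob "Bobby" Smith'

if __name__ == "__main__":
    for render in (render_unescaped, render_escaped):
        markup = render("fullname", SUBMITTED)
        print(render.__name__, "->", markup)
        print("  parsed attributes:", parsed_inputs(markup))
```

In the unescaped rendering the first double quote in the value closes the attribute, so the field shows a truncated value and the remainder is parsed as extra attributes on the tag; the escaped rendering returns the value to the user exactly as typed.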