Full stack developer student at Microverse Web and Mobile app developer
‘ One should never trust data coming from the user side ’.
This assertion is true, especially when you are working with forms as a backend developer. When you create your website, you always come to a step where you must collect a certain amount of data from your future users ( name, location, age, etc). You certainly think about the forms already, but the real struggle is how to secure those forms.
Depending on the capacities of your WebHost server and on the amount of time you wish to lose, you can just create a classic form, without giving a damn about data validation and so on, letting the user type and send whatever nonsense they want to your server and fill your database uselessly. Or you can even let the data reach the server and write some long backend functions to validate them one by one…But why the hell will you do that?
Check it out with me, here are some awesome links to good HTML5 validators that I am sure you did not care about before.
You can see some interesting information there, yeah, form validators are those attributes you never care about: minLength, maxLength, required, pattern… Some attributes like ‘type’ for the input, help you to force the user to stick at a data format. Let’s see an example. You are trying to get the user email address, how to make sure he doesn’t type an ‘ask-my-mom’ there?
<input type='email' name='email' placeholder='Enter your email, please'>
Try it and you will see, it’s as simple as it looks! Another attribute is ‘required’. This attribute makes sure the user fills the designated field before the form can be submitted. Yeah, some punks may just submit an empty form!
You may avoid that by just putting a ‘required’ attribute on your input, follows:
<input type='email' name='email' placeholder='Enter your email, please' required>
For sure, nothing will leak!
You may tell yourself that you have seen it all yet!! But nooo, you haven’t. I wanted to introduce to you the coolest form control among them: the ‘pattern’ attribute!
The pattern is an attribute that helps you to impose the data format or even the characters that the user must enter in an input. It takes a regular expression, commonly known as regex, as value. It works with email, text, tel and even password inputs. It’s great to force the user to choose a complicated password, or to force him to enter a correct phone number. If you do not know about regex, here is a great link to know more and to build your regex: https://regex101.com/
For example, I want to force the user to choose a password with at least one capital letter, one digit, and a special character. Here is what it can look like:
<input type="password" id="password" name="password" pattern="[a-zA-Z](\d+)(\W+)" maxlength="32" required>
You may try it and also create your own regex and test it on other form types.
HTML5 really offers you some great tools to secure your forms, with error messages which adapt to the type of error and the language of the user. And if you are a CSS lover, you can use some pseudo-classes like ‘: required’ or ‘: optional’ to style your form fields according to the situation.
Give it some stars if you find the repo interesting. We appreciate contributions and comments too.