
I'm working on a webapp that sanitizes models for the view. However, it is stripping too many wanted characters, like forward slashes, semicolons, colons, dollar signs, quote marks and accented letters from foreign languages, e.g. 3/8"W becomes 38w.

Do I need to modify the function to be less aggressive, or should I simply not use the sanitize function at all? I guess the bigger question is, what is sanitization for?

Full disclosure: I didn't write the function and I'm not fantastic with regex.

// Whitelist filter: keeps ASCII letters and digits (the i flag makes a-z match upper case too),
// the accented letters áéíóúñü, space and the punctuation . , _ - ; every other character is deleted.
value = value.replace(/[^a-z0-9áéíóúñü .,_-]/gim, "").trim();
Wiktor Stribiżew
Kirk Ross

1 Answer


The sanitization concept is mainly aimed at sanitizing data, removing bad characters before it is saved in a database or processed by any type of query. That said, you shouldn't care so much about sanitizing data at the front end, because JavaScript can be disabled. Anything on the client side can be bypassed. You should care about that at the back end. Sanitization should be done on data before saving it in the database. Escaping should be done on data after retrieving it from the database.

Mohamed Magdy
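The following is an added example, not code from the question or the answer above. It puts the question's whitelist filter side by side with output escaping for an HTML view, so you can see the difference the answer draws between stripping data and escaping it: the filter silently loses characters such as the slash and inch mark in 3/8"W, while escaping keeps every character and still prevents a value from being interpreted as markup. The sample values, `stripToWhitelist`, `escapeHtml` and `renderRow` are all constructed for this example; `stripToWhitelist` reproduces the regex from the question verbatim.

```javascript
// Added example, not part of the original question or answer.

// The whitelist filter from the question, reproduced as posted. Note that the
// i flag keeps "W" as "W"; the question's "38w" suggests lowercasing happens
// elsewhere in that codebase, which this example does not assume.
function stripToWhitelist(value) {
  return value.replace(/[^a-z0-9áéíóúñü .,_-]/gim, "").trim();
}

// Escaping for an HTML text node or a double-quoted attribute value. Nothing
// is removed: only the five characters that can change HTML structure are
// rewritten as entities, so the browser renders them as literal text.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// A minimal view fragment: the same value used both in an attribute and as
// text content, escaped for each context.
function renderRow(value) {
  return `<td title="${escapeHtml(value)}">${escapeHtml(value)}</td>`;
}

// Constructed sample model values: a product dimension, a string with
// accented letters and symbols outside the whitelist, and a markup injection
// attempt of the kind escaping is meant to neutralise.
const SAMPLE_VALUES = [
  '3/8"W',
  "Größe: 12€; Prix $5",
  '<img src=x onerror="alert(1)">',
];

// Returns what each approach does to a value, for comparison.
function compare(value) {
  return {
    original: value,
    stripped: stripToWhitelist(value),
    escaped: escapeHtml(value),
    html: renderRow(value),
  };
}

for (const value of SAMPLE_VALUES) {
  console.log(compare(value));
}
```

The stripped form of the first two values is no longer the data the user entered (the inch mark, the slash, ö, ß, €, ; and $ are gone), while the escaped form round-trips exactly and the injection attempt is rendered as inert text. Escaping is specific to the output context: the `escapeHtml` above is only correct for HTML text nodes and quoted attributes, and a value placed into a URL, a JavaScript string or a SQL query needs the encoding or parameterisation appropriate to that context instead.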