Skip to content

Add a "Common Pitfalls" section to the Input Validation Cheat Sheet #2228

Description

@sujalavnelavai

Hi team,

While going through the Input Validation Cheat Sheet, I noticed that it doesn’t currently include a section that highlights the common mistakes developers make when handling input. In practice, these mistakes are often the real reason validation fails, even when the basic rules are understood.

I think adding a short “Common Pitfalls” section would make the cheat sheet more practical and help readers avoid issues that show up frequently in real applications.

Some examples of pitfalls that could be included:

Relying only on client‑side validation

Using blacklists instead of whitelists

Not validating data after deserialization

Assuming internal APIs or microservices are “trusted”

Skipping validation for file uploads or filenames

Using overly permissive or unsafe regex patterns

Not validating nested JSON structures or array lengths

Ignoring Unicode normalization issues

Treating JSON input as automatically safe

Forgetting to validate input before logging or storing it

These are all things that developers run into regularly, and having them called out clearly would make the cheat sheet even more helpful.

If this sounds useful, I’d be happy to draft the section and open a PR.

Thanks!

Metadata

Metadata

Labels

ACK_OBTAINEDIssue acknowledged from core team so work can be done to fix it.UPDATE_CSIssue about the update/refactoring of a existing cheat sheet.

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions