One of the features of HTML5 is the ability to validate most user data without relying on scripts.
This is done using validation attributes on form elements, which allow you to specify rules for a form input like whether a value needs to be filled in, the minimum and maximum length of the data, whether it needs to be a number, an email address, etc., and a pattern that it must match.
Web applications are notorious for taking practically any type of input, assuming that it's valid, and processing it further.
Not validating input is one of the greatest mistakes that Web-application developers can make.
There are three main reasons: In the real world, developers tend to use a combination of client-side and server-side validation, to be on the safe side.
Rules can be collected through the requirements capture exercise.
In evaluating the basics of data validation, generalizations can be made regarding the different types of validation, according to the scope, complexity, and purpose of the various validation operations to be carried out.
One of the most serious input attacks is a buffer overflow that specifically targets input fields in Web applications.
For instance, a credit-reporting application may authenticate users before they're allowed to submit data or pull reports.