Proper input sanitization can prevent insertion of malicious data into a subsystem such as a database. However, different subsystems require different types of sanitization. Fortunately, it is usually obvious which subsystems will receive input and consequently what sanitization is required.
Several subsystems exist for the purpose of showing output. An HTML renderer, as part of a web browser, is one common subsystem for displaying output. Because data that is sent to an output subsystem might not come directly from an untrusted source, it is tempting to assume that no sanitization is required. However, input validation alone fails to provide the assurance that validated data remains consistent throughout its lifetime. For example, if insiders are allowed to insert data into a database without validation, that data may later be rendered by a browser, where it can be used to glean unauthorized information or execute arbitrary code on the client side by means of a cross-site scripting (XSS) attack [OWASP 2011]. (Note that, although such an attack is not necessarily mounted from one site against another, the term cross-site scripting is still applied to it.) Data that is not properly sanitized for an output subsystem can enable several types of attacks; an HTML renderer, for example, is prone to HTML injection and XSS. Therefore, output sanitization to prevent such attacks is as vital as input sanitization.
As with input validation, normalize data before sanitizing for malicious characters. All output characters other than those known to be safe should be encoded to avoid vulnerabilities caused by data that bypasses validation. See IDS01-J, Normalize strings before validating them, for more information.
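As an added illustration (this is not code from the CERT standard itself): an allowlist-based HTML output encoder that normalizes the string first, as IDS01-J recommends, and then encodes every character that is not an ASCII letter or digit as a numeric character reference. The class name `HtmlOutputEncoder` and the sample stored value are assumptions made for this example.

```java
import java.text.Normalizer;

// Added example (not from the CERT standard): allowlist HTML output encoding.
// Every character that is not known-safe (ASCII letters and digits) is emitted
// as a numeric character reference, so data that slipped past input validation
// cannot change the structure of the HTML into which it is rendered.
public final class HtmlOutputEncoder {

    private HtmlOutputEncoder() {}

    /** Normalizes first (IDS01-J), then encodes for HTML text or quoted-attribute context. */
    public static String encodeForHtml(String input) {
        if (input == null) {
            return "";
        }
        // Normalize before sanitizing so that compatibility forms such as the
        // fullwidth less-than sign (U+FF1C) become the ASCII '<' the encoder expects.
        String normalized = Normalizer.normalize(input, Normalizer.Form.NFKC);
        StringBuilder sb = new StringBuilder(normalized.length() * 2);
        int i = 0;
        while (i < normalized.length()) {
            int cp = normalized.codePointAt(i);   // handle supplementary characters correctly
            if (isKnownSafe(cp)) {
                sb.appendCodePoint(cp);
            } else {
                // Numeric character reference is interpreted as data, never as markup.
                sb.append("&#").append(cp).append(';');
            }
            i += Character.charCount(cp);
        }
        return sb.toString();
    }

    // Allowlist: only ASCII alphanumerics pass through unchanged.
    private static boolean isKnownSafe(int cp) {
        return (cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z')
            || (cp >= '0' && cp <= '9');
    }

    public static void main(String[] args) {
        // Constructed sample: a value that reached the database without
        // validation and is now being rendered into an HTML table cell.
        String stored = "Bob <script>alert(1)</script>";
        System.out.println("<td>" + encodeForHtml(stored) + "</td>");
    }
}
```

The encoder is context-specific: it is safe for HTML text content and quoted attribute values, but data placed into JavaScript, CSS, or URL contexts needs that context's own encoding.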
Noncompliant Code Example
...