...
The best defense against code injection vulnerabilities is to avoid including executable user input in code. If some dynamic code requires certain user input, that input should be sanitized. For example, a top-level method should ensure that the string firstName contains only valid, white-listed characters. Refer to the guideline IDS01-J. Sanitize before processing or storing user input for more details.
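As an added example (not code from the guideline itself), the following Java class shows what that top-level check looks like in practice: firstName is validated against a whitelist of allowed characters and rejected outright if it contains anything else, and, where a script engine is involved, the validated value is handed to the script through engine bindings rather than concatenated into the script text. The whitelist pattern, the length limit, the class and method names, and the sample inputs are all assumptions made for this example.

```java
import java.util.regex.Pattern;
import javax.script.ScriptEngine;
import javax.script.ScriptEngineManager;
import javax.script.ScriptException;

/**
 * Added example, not part of the CERT guideline: whitelist validation of a
 * user-supplied first name before it comes anywhere near dynamically
 * evaluated code.
 */
public final class FirstNameValidator {

    // Assumption: a first name is 1..64 Unicode letters, optionally joined by
    // single internal hyphens (e.g. "Mary-Jane"). Quotes, semicolons, braces,
    // parentheses and whitespace are deliberately outside the whitelist.
    private static final Pattern FIRST_NAME = Pattern.compile("^\\p{L}+(?:-\\p{L}+)*$");
    private static final int MAX_LENGTH = 64;

    private FirstNameValidator() {}

    /** Returns true only if the input consists solely of white-listed characters. */
    public static boolean isValidFirstName(String firstName) {
        if (firstName == null || firstName.isEmpty() || firstName.length() > MAX_LENGTH) {
            return false;
        }
        return FIRST_NAME.matcher(firstName).matches();
    }

    /**
     * Top-level gate: reject anything outside the whitelist instead of trying
     * to "clean" it, so a script-breaking character never reaches the engine.
     */
    public static String requireValidFirstName(String firstName) {
        if (!isValidFirstName(firstName)) {
            throw new IllegalArgumentException("first name contains disallowed characters");
        }
        return firstName;
    }

    /**
     * Even after validation, keep user data out of the code: the script text is
     * a constant and the name travels through a binding, not through string
     * concatenation into the script source.
     */
    public static Object greet(ScriptEngine engine, String firstName) throws ScriptException {
        String safeName = requireValidFirstName(firstName);
        engine.put("firstName", safeName);
        return engine.eval("'Hello, ' + firstName");
    }

    public static void main(String[] args) throws ScriptException {
        // Constructed sample inputs: the first two pass, the rest must be rejected.
        String[] samples = { "Alice", "Mary-Jane", "Bob'", "Bob; x", "Bob ", "", null };
        for (String s : samples) {
            System.out.printf("%-12s -> %s%n", s == null ? "null" : '"' + s + '"',
                    isValidFirstName(s) ? "accepted" : "rejected");
        }

        // A JavaScript engine may be absent on newer JDKs (Nashorn was removed in
        // JDK 15); the validation above does not depend on it.
        ScriptEngine engine = new ScriptEngineManager().getEngineByName("JavaScript");
        if (engine == null) {
            System.out.println("No JavaScript engine available; skipping eval demo.");
            return;
        }
        System.out.println(greet(engine, "Alice"));
        try {
            greet(engine, "Bob'");
        } catch (IllegalArgumentException e) {
            System.out.println("Rejected before eval: " + e.getMessage());
        }
    }
}
```

The check is a positive whitelist (what is allowed) rather than a blacklist of dangerous characters, so a character the author did not think of is rejected by default. Passing the value via engine.put keeps the script source constant; the validation then acts as defense in depth rather than as the only barrier between user input and the evaluator.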
...