Validators

The validators project supplies functionality to easily validate (user) input, preventing insertion of potentially harmful content without restricting user input too much. Many sites are vulnerable to XSS or injection attacks (see OWASP top 10). By using whitelisting for all your user input it is easy to prevent most injection issues. Whitelists that are too restrictive can, however, prevent users from entering the data they want. If a user cannot input his or her name because it contains some characters not in the whitelist, you don't have a proper balance between security and user friendliness. This project is meant to help maintain the proper balance: good security without annoying users by restricting input too much.

Available Validators

In the current version the following validators are available:

  1. TextValidator
  2. ExtendedTextValidator
  3. MultiLineTextValidator
  4. NameValidator
  5. TelephoneNumberValidator
  6. EmailAddressValidator

TextValidator

Provides validation functions for basic (letters only) text input. With this validator you can check whether your input consists of only Unicode letters. You can set whether spaces are allowed (by default spaces are not allowed).

ExtendedTextValidator

Provides validation functions for extended (letters and numbers) text input. With this validator you can check whether your input consists of only letters, digits, _ and -. You can set whether spaces are allowed (by default spaces are allowed).

MultiLineTextValidator

Provides validation functions for multi-line text input. This validator allows letters, digits, line breaks, quotes, punctuation, URLs and email addresses.

NameValidator

Provides validation functions for human names. Only characters normally used in human names are allowed (whitelisted) when validating with this validator. You can set whether single quotes are allowed in names (for names like O'Reilly).

TelephoneNumberValidator

Provides validation functions for telephone numbers. Only digits, spaces, +, -, ( and ) are allowed (whitelisted) when validating with this validator.

EmailAddressValidator

Provides validation functions for email addresses. You can set whether only basic Latin is allowed or also other alphabets.

Creation

Simply create an instance of the right class and reuse it for all calls within your preferred scope. The constructor allows you to set the available options for all validation actions performed by the created instance. You can create validation instances for a single page or for your entire application.

bool allowSingleQuotes = false;
var validator = new NameValidator(allowSingleQuotes);

Using Dependency Injection Containers

If you use an IoC or Dependency Injection Container (like AutoFac) you can create your validator instances and then register them for further use in your entire application. This way you can define the options for your validators at one point and reuse validators with those options throughout your application.

using Autofac;

var builder = new ContainerBuilder();
// One shared instance, configured once (single quotes not allowed)
var nameValidator = new NameValidator(false);
builder.RegisterInstance(nameValidator).As<NameValidator>();

Usage

All validators have the following 2 methods:

  1. IsValid(string value) => bool
  2. RemoveInvalidCharacters(string value) => string

A basic implementation would be the following.

if (!validator.IsValid(inputValue))
{
    // Do something if input is invalid
}

You could also just remove the invalid input. Make sure you communicate to the user that the input is invalid and why it is invalid.

if (!validator.IsValid(inputValue))
{
    inputValue = validator.RemoveInvalidCharacters(inputValue);

    // Return a validation message
}
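
An added sketch, not the project's own code: a hypothetical `SketchNameValidator` that mirrors the `NameValidator(bool)` option and the two methods above, run over constructed inputs. Its whitelist (Unicode letters, combining marks, space, hyphen, period, optional single quote) is an assumption, and because an allowed quote is still meaningful in HTML the output is encoded with `WebUtility.HtmlEncode`.

```csharp
using System;
using System.Globalization;
using System.Linq;
using System.Net;

// Hypothetical stand-in, NOT the project's NameValidator: it only mirrors the
// constructor option and the two method shapes described on this page.
public sealed class SketchNameValidator
{
    private readonly bool _allowSingleQuotes;
    public SketchNameValidator(bool allowSingleQuotes) => _allowSingleQuotes = allowSingleQuotes;

    // Assumed whitelist: Unicode letters, combining marks, space, hyphen, period,
    // and (optionally) the single quote. Everything else is rejected.
    private bool IsAllowed(char c)
    {
        if (char.IsLetter(c)) return true;
        if (CharUnicodeInfo.GetUnicodeCategory(c) == UnicodeCategory.NonSpacingMark) return true;
        if (c == ' ' || c == '-' || c == '.') return true;
        return _allowSingleQuotes && c == '\'';
    }

    public bool IsValid(string value) =>
        !string.IsNullOrWhiteSpace(value) && value.All(IsAllowed);

    public string RemoveInvalidCharacters(string value) =>
        new string((value ?? string.Empty).Where(IsAllowed).ToArray());
}

public static class Program
{
    public static void Main()
    {
        var validator = new SketchNameValidator(allowSingleQuotes: true);
        // Constructed sample inputs: two legitimate names and one markup string.
        string[] inputs = { "Søren Müller-Łukasz", "O'Reilly", "<script>alert(1)</script>" };

        foreach (var input in inputs)
        {
            bool ok = validator.IsValid(input);
            string cleaned = ok ? input : validator.RemoveInvalidCharacters(input);
            // The whitelisted quote is still encoded for the HTML output context.
            Console.WriteLine($"{ok,-5} {WebUtility.HtmlEncode(cleaned)}");
        }
    }
}
```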