So today the roommate was filling out a form online, and he got done typing in all his pertinent information and hit send to hopefully zip his information safely away to its destination. When the page reloaded, he was greeted with an error message about a field having an invalid character, except it wasn't invalid at all. In fact it was completely necessary, because his last name has an apostrophe in it (Irish, go figure). So it got me wondering just how far overboard you can go with filtering out user input.
I can understand not allowing numbers in your first or middle name, but no apostrophes in the last name field? What about those who have hyphenated names? Quite likely they would get the same message if filling out this specific form. I myself run into similar things from time to time; however, it tends to be when there is no suffix field on a paper form, and then I have to ask whomever I am filling out the forms for if they have a way to differentiate me from everyone else who might share the same full name. Even in my own projects I have tended to go overboard in terms of input sanitizing; however, my code is seldom as widely deployed as others' and is hosted on machines that don't have 24x7 staff to keep an eye on things.
Kind of makes me wonder just how many other places use a generic cleaner to scrub all input and inadvertently force users to either fudge their name to get past it or simply give up altogether.
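An added example (not code from the original post or from the form in question) that puts a generic "letters only" cleaner next to a rule written for names, then stores the name with a bound SQL parameter so the apostrophe stays plain data. The function names, the punctuation allow-list and the SQLite table are assumptions made for illustration.

```python
import sqlite3
import unicodedata

# Punctuation that occurs in real surnames: straight and typographic
# apostrophe, hyphen, space, period (constructed allow-list, an assumption).
NAME_PUNCTUATION = {"'", "\u2019", "-", " ", "."}


def generic_cleaner_accepts(value):
    """The over-broad filter: ASCII letters only, everything else 'invalid'."""
    return value.isascii() and value.isalpha()


def is_valid_last_name(value, max_len=100):
    """Accept letters (any script), combining marks and name punctuation."""
    value = unicodedata.normalize("NFC", value).strip()
    if not value or len(value) > max_len:
        return False
    if not unicodedata.category(value[0]).startswith("L"):
        return False  # must start with a letter
    for ch in value:
        cat = unicodedata.category(ch)
        if not (cat.startswith("L") or cat.startswith("M") or ch in NAME_PUNCTUATION):
            return False  # digits, control characters, symbols such as ; or <
    return True


def store_and_read_back(last_name):
    """Store with a bound parameter so the apostrophe is data, never SQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (last_name TEXT NOT NULL)")
    db.execute("INSERT INTO people (last_name) VALUES (?)", (last_name,))
    (stored,) = db.execute("SELECT last_name FROM people").fetchone()
    db.close()
    return stored


if __name__ == "__main__":
    # Constructed sample names, not taken from the post.
    for name in ["O'Brien", "Smith-Jones", "Núñez", "St. John", "R2D2", "x;<y>"]:
        print(f"{name!r:15} generic={generic_cleaner_accepts(name)!s:5} "
              f"name_rule={is_valid_last_name(name)}")
    print(store_and_read_back("O'Brien"))
```

The name rule still rejects digits and markup characters; what keeps the apostrophe harmless is the parameterized insert, not stripping it from the input.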