Reactive Programming has been getting a lot of attention in the Android community lately.
While it has uses throughout the application stack, we're going to focus here on using it to validate forms (exciting!). This approach cuts down on ugly nested if statements and transforms all of the validation logic into just a few simple lines using the RxJava framework. Let's start by setting up the input fields in our layout.
It constrains the final value to be emitted only if it is different from the previously emitted value.
Now, let’s repeat that, except for an email address input. Next we need to combine these observables and manipulate them in a way that lets us know when both fields are validated so we can enable a submit button.
Free-form text, especially with Unicode characters, is perceived as difficult to validate due to a relatively large space of characters that need to be whitelisted.
It's also free-form text input that highlights the importance of proper context-aware output encoding and quite clearly demonstrates that input validation is not the primary safeguard against Cross-Site Scripting — if your users want to type apostrophe (') or less-than sign (
References: Input validation of free-form Unicode text in Python
Developing regular expressions can be complicated, and is well beyond the scope of this cheat sheet.
then the developer should be able to define a very strong validation pattern, usually based on regular expressions, for validating such input.
If the input field comes from a fixed set of options, like a drop down list or radio buttons, then the input needs to match exactly one of the values offered to the user in the first place.
It is always recommended to prevent attacks as early as possible in the processing of the user’s (attacker's) request. We add a filter to the observable controlling the error messaging to only show if there is an error. We added the distinctUntilChanged() operator to the chain. For more information on XSS filter evasion please see the XSS Filter Evasion Cheat Sheet. White list validation is appropriate for all input fields provided by the user.