Data from the client should never be trusted for the client has every possibility to tamper with the data.
This strategy is directly akin to anti-virus pattern updates.
Say you want to set up a site where users can upload arbitrary files so they can share them or download them again from another location.
In this case validation is impossible because there is no valid or invalid content.
However, there are bad, good and "best" approaches.
Often the best approach is the simplest in terms of code.