{"id":19316228,"url":"https://github.com/userfrosting/wdvss","last_synced_at":"2025-06-28T05:35:13.849Z","repository":{"id":27040261,"uuid":"30505374","full_name":"userfrosting/wdvss","owner":"userfrosting","description":"Web Data Validation Standard Schema","archived":false,"fork":false,"pushed_at":"2016-06-01T19:23:07.000Z","size":6,"stargazers_count":7,"open_issues_count":1,"forks_count":0,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-08T22:02:00.490Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/userfrosting.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-02-08T20:53:17.000Z","updated_at":"2022-12-30T22:42:13.000Z","dependencies_parsed_at":"2022-07-24T13:31:49.558Z","dependency_job_id":null,"html_url":"https://github.com/userfrosting/wdvss","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/userfrosting/wdvss","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/userfrosting%2Fwdvss","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/userfrosting%2Fwdvss/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/userfrosting%2Fwdvss/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/userfrosting%2Fwdvss/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/userfrosting","download_url":"https://codeload.github.com/userfrosting/wdvss/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositorie
s/userfrosting%2Fwdvss/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259896122,"owners_count":22928328,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T01:10:32.552Z","updated_at":"2025-06-14T23:03:02.388Z","avatar_url":"https://github.com/userfrosting.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Web Data Validation Standard Schema (WDVSS)\n\n*Revision 2.0, 2016 June 1*\n\n## Overview\n\nThe goal of this project is to create an interoperable standard for validating data exchanged over the web.  In particular, it focuses on data submitted to a web server via HTTP GET and POST requests.  It should be flexible enough to accommodate both server-side and client-side validation.\n\n## Background\n\nValidating client data is an essential part of modern web applications and services.  Proper server-side validation is critical to server security, protecting web servers and their users from SQL injection, cross-site scripting (XSS), and other malicious attacks.  Validation is also an important aspect of user experience, communicating and enforcing the requirements of the underlying data model.  It is surprising, then, that no standard currently exists for how this should be done.\n\n## Scope\n\nAlthough the examples used in this document will be presented in the [JavaScript Object Notation (JSON)](http://www.json.org/) format, the standard itself is not meant to be tied to any particular data format.  
The standard shall be confined to validating HTTP GET and POST requests - other types of requests and communication protocols such as FTP, POP, etc are not addressed by this standard.\n\n## The Standard\n\n### Schema\n\nA **schema** is a document that partially or fully specifies the rules for validating data submitted by a client to a server as part of a single HTTP POST or GET request.\n\nA schema shall consist of a collection of **fields**.  Each field refers to a distinct piece of data being submitted as part of the request. \n\n### Fields\n\nA field consists of a unique **field name**, along with a set of attributes.  The following attributes are defined:\n\n#### `transformations` (optional)\n\nThe `transformations` attribute specifies an ordered list of **data transformations** to be applied to the field.\n\n#### `validators` (optional)\n\nThe `validators` attribute specifies an ordered list of **validators** to be applied to the field.\n\n#### `default` (optional)\n\nThe `default` attribute specifies a default value to be used if the field has not been specified in the HTTP request.  When a default value is applied, the data transformations and validators for the field shall be ignored.\n\n### Transformations\n\nData transformations should be applied before validation, in the specified order.  The following transformations are currently supported:\n\n#### `purge`\n\nRemove all HTML entities (`'\"\u003c\u003e\u0026` and characters with ASCII value less than 32) from this field.\n\n#### `escape`\n\nEscape all HTML entities (`'\"\u003c\u003e\u0026` and characters with ASCII value less than 32).\n\n#### `purify`\n\nApply an HTML purification library, for example [HTMLPurifier](http://htmlpurifier.org/), to remove any potentially dangerous HTML code.\n\n#### `trim`\n\nRemove any leading and trailing whitespace.\n\n### Validators\n\nA validator consists of a **validator name**, and a set of validator attributes.  
The implementation may set one or more of these validators as a default, if none are specified.\n\nThe following validators are currently defined:\n\n#### `required`\n\nSpecifies that the field is a required field.  If the field is not present in the HTTP request, the implementation shall cause this validator to fail unless a default value has been specified for the field.\n\n#### `equals`\n\nSpecifies that the value of the field must be equivalent to a specific value.  The definition of equivalence shall be left to the implementation.\n\n- `value` (required) : the value to which the field value must be equivalent, as defined by the implementation.\n\n#### `not_equals`\n\nSpecifies that the value of the field must **not** be equivalent to a specific value.  The definition of equivalence shall be left to the implementation.\n\n- `value` (required) : the value to which the field value must **not** be equivalent, as defined by the implementation.\n\n#### `email`\n\nSpecifies that the value of the field must represent a valid email address.  The definition of a valid email address shall be left to the implementation.\n\n#### `telephone`\n\nSpecifies that the value of the field must represent a valid telephone number.  The definition of a valid telephone number shall be left to the implementation.\n\n#### `uri`\n\nSpecifies that the value of the field must represent a valid Uniform Resource Identifier (URI).  The definition of a valid URI shall be left to the implementation.\n\n#### `regex`\n\nSpecifies that the value of the field must match a specified Javascript- and PCRE-compliant regular expression.\n\n- `regex` (required): A valid Javascript- and PCRE-compliant regular expression.\n\n#### `length`\n\nSpecifies bounds on the length, in characters, of the field's value.  The `length` validator supports the following attributes:\n\n- `min` (optional): the minimum number of permitted characters, inclusive.  
Must be a non-negative integer.\n- `max` (optional): the maximum number of permitted characters, inclusive.  Must be a non-negative integer.\n\n#### `integer`\n\nSpecifies that the value of the field must represent an integer value.\n\n#### `numeric`\n\nSpecifies that the value of the field must represent a numeric (floating-point or integer) value.\n\n#### `range`\n\nSpecifies a numeric interval bound on the field's value.  The `range` validator supports the following attributes:\n\n- `min` (optional): the minimum value.  Must be a floating-point number or integer.\n- `max` (optional): the maximum value.  Must be a floating-point number or integer.\n- `min_exclusive` (optional): a boolean value, specifying whether the minimum value should be excluded from the interval.  The default value shall be `false`.\n- `max_exclusive` (optional): a boolean value, specifying whether the maximum value should be excluded from the interval.  The default value shall be `false`.\n\n#### `member_of`\n\nSpecifies that the value of the field must be equivalent to at least one member of a given collection.  The definition of equivalence shall be left to the implementation.\n\n- `values` (required): A collection of values in which to search for the field value.\n\n#### `not_member_of`\n\nSpecifies that the value of the field must not be equivalent to any members of a given collection.  The definition of equivalence shall be left to the implementation.\n\n- `values` (required): A collection of values in which to search for the field value.\n\n#### `matches`\n\nSpecifies that the value of the field must be equivalent to the value of another field.  The definition of equivalence shall be left to the implementation.\n\n- `field` (required): The name of the other field that this field must match.  
If the value of the other field is not specified in the request, this validator may attempt to match the default value, if specified.\n\n#### `not_matches`\n\nSpecifies that the value of the field must **not** be equivalent to the value of another field.  The definition of equivalence shall be left to the implementation.\n\n- `field` (required): The name of the other field that this field must **not** match.  If the value of the other field is not specified in the request, this validator may attempt to match the default value, if specified.\n\n#### `no_leading_whitespace`\n\nSpecifies that the value of the field must not have any leading whitespace characters.\n\n#### `no_trailing_whitespace`\n\nSpecifies that the value of the field must not have any trailing whitespace characters.\n\n### Validator Messages\n\nAdditionally, each validator may contain a **validation message** assigned to a `message` attribute.  This message can be used by the implementation to indicate the specific point of failure during the validation process.  To implement multi-language support, it is suggested to use a \"message id\" tag instead of the message itself, and then use an appropriate mapping library to render the message in the desired language.\n\n- `message` (required): A string containing the message to display to the user.\n\n## Examples\n\nThe following is an example of a schema written in JSON format.  Notice that the names of validators, fields, etc are used as keys.  
This is a possible, but not necessary, implementation of the standard.\n\n```\n{\n    \"user_name\" : {\n        \"validators\" : {\n            \"length\" : {\n                \"min\" : 1,\n                \"max\" : 50,\n                \"message\" : \"ACCOUNT_USER_CHAR_LIMIT\"\n            },\n            \"required\" : {\n                \"message\" : \"ACCOUNT_SPECIFY_USERNAME\"\n            }\n        },\n        \"transformations\" : [ \"escape\", \"trim\" ]\n    },\n    \"display_name\" : {\n        \"validators\" : {\n            \"length\" : {\n                \"min\" : 1,\n                \"max\" : 50,\n                \"message\" : \"ACCOUNT_DISPLAY_CHAR_LIMIT\"\n            },\n            \"required\" : {\n                \"message\" : \"ACCOUNT_SPECIFY_DISPLAY_NAME\"\n            }\n        }\n    },          \n    \"email\" : {\n        \"validators\" : {\n            \"required\" : {\n                \"message\" : \"ACCOUNT_SPECIFY_EMAIL\"\n            },\n            \"length\" : {\n                \"min\" : 1,\n                \"max\" : 150,\n                \"message\" : \"ACCOUNT_EMAIL_CHAR_LIMIT\"\n            },\n            \"email\" : {\n                \"message\" : \"ACCOUNT_INVALID_EMAIL\"\n            }\n        }\n    },\n    \"message\" : {\n        \"default\" : \"My message\", \n        \"transformations\" : [\"purify\", \"trim\"]\n    },\n    \"password\" : {\n        \"validators\" : {\n            \"required\" : {\n                \"message\" : \"ACCOUNT_SPECIFY_PASSWORD\"\n            },\n            \"matches\" : {\n                \"field\" : \"passwordc\",\n                \"message\" : \"ACCOUNT_PASS_MISMATCH\"\n            },            \n            \"length\" : {\n                \"min\" : 8,\n                \"max\" : 50,\n                \"message\" : \"ACCOUNT_PASS_CHAR_LIMIT\"\n            }\n        }    \n    },\n    \"passwordc\" : {\n        \"validators\" : {\n            \"required\" : {\n      
          \"message\" : \"ACCOUNT_SPECIFY_PASSWORD\"\n            },\n            \"matches\" : {\n                \"field\" : \"password\",\n                \"message\" : \"ACCOUNT_PASS_MISMATCH\"\n            },\n            \"length\" : {\n                \"min\" : 8,\n                \"max\" : 50,\n                \"message\" : \"ACCOUNT_PASS_CHAR_LIMIT\"\n            }\n        }  \n    },\n    \"captcha\" : {\n        \"validators\" : {\n            \"required\" : {\n                \"message\" : \"Please enter the captcha code.\"\n            }\n        }\n    }\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuserfrosting%2Fwdvss","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fuserfrosting%2Fwdvss","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fuserfrosting%2Fwdvss/lists"}