AgentSkillsCN

Global Validation

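Implement secure, comprehensive input validation on both the client and the server, using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when handling user input from forms, API requests, or any external data source. Use it when implementing form validation logic with field-specific error messages. Use it when validating data types, formats, ranges, and required fields. Use it when sanitizing input to prevent SQL injection, XSS, or command injection. Use it when validating business rules such as sufficient balance or valid date ranges. Use it when implementing client-side validation for user experience together with mandatory server-side validation for security.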

SKILL.md
--- frontmatter
name: Global Validation
description: Implement secure, comprehensive input validation on both client and server sides using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when handling user input from forms, API requests, or any external data source. When implementing form validation logic with field-specific error messages. When validating data types, formats, ranges, and required fields. When sanitizing input to prevent SQL injection, XSS, or command injection. When validating business rules like sufficient balance or valid date ranges. When implementing both client-side validation for user experience and mandatory server-side validation for security.

Global Validation

This Skill gives Claude Code specific guidance on following the coding standards for global validation.

When to use this skill

  • When handling user input from forms, API endpoints, or external data sources
  • When implementing form validation with field-specific error messages
  • When validating data types, formats (email, phone, URL), ranges, and required fields
  • When sanitizing user input to prevent injection attacks (SQL, XSS, command injection)
  • When implementing client-side validation for immediate user feedback
  • When implementing mandatory server-side validation for security and data integrity
  • When validating business rules (sufficient balance, valid date ranges, stock availability)
  • When using allowlists to define what input is acceptable rather than blocklists
  • When applying validation consistently across all entry points (web, API, background jobs)
  • When failing early by rejecting invalid data before processing
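A server-side validator that combines several of the points above (allowlists, type and range checks, field-specific errors, business rules, failing early) is sketched below as an added example; it is not part of the skill itself. The function names, field names, limits and the `transfers` table are assumptions made for illustration, and `data` is assumed to be an already-parsed JSON object.

```python
import re
import sqlite3
from datetime import date, timedelta

# Allowlists state what is acceptable; everything else is rejected.
USERNAME_RE = re.compile(r"[a-z0-9_]{3,20}")
CURRENCIES = {"USD", "EUR", "GBP"}
MAX_CENTS = 1_000_000  # hypothetical upper bound for one transfer

def validate_transfer(data: dict, balance_cents: int, today: date):
    """Server-side validation. Returns (clean, errors) keyed by field name."""
    clean, errors = {}, {}
    recipient = data.get("recipient")
    if isinstance(recipient, str) and USERNAME_RE.fullmatch(recipient):
        clean["recipient"] = recipient
    else:
        errors["recipient"] = "Use 3-20 characters: a-z, 0-9 or underscore."
    currency = data.get("currency")
    # The type check comes first: a list or dict here must not raise.
    if isinstance(currency, str) and currency in CURRENCIES:
        clean["currency"] = currency
    else:
        errors["currency"] = "Unsupported currency."
    amount = data.get("amount_cents")
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(amount, bool) or not isinstance(amount, int):
        errors["amount_cents"] = "Must be a whole number of cents."
    elif not 1 <= amount <= MAX_CENTS:
        errors["amount_cents"] = "Amount is out of range."
    elif amount > balance_cents:  # business rule: sufficient balance
        errors["amount_cents"] = "Insufficient balance."
    else:
        clean["amount_cents"] = amount
    try:
        when = date.fromisoformat(data.get("scheduled_for"))
    except (TypeError, ValueError):
        errors["scheduled_for"] = "Use the YYYY-MM-DD format."
    else:
        # business rule: valid date range (today up to one year ahead)
        if today <= when <= today + timedelta(days=365):
            clean["scheduled_for"] = when.isoformat()
        else:
            errors["scheduled_for"] = "Date must be within the next year."
    return clean, errors

def submit_transfer(db: sqlite3.Connection, data, balance_cents, today):
    """Fail early: nothing reaches the database unless every field passed."""
    clean, errors = validate_transfer(data, balance_cents, today)
    if errors:
        return errors
    # Parameterized query: values are bound, never spliced into the SQL text.
    db.execute("INSERT INTO transfers VALUES (?, ?, ?, ?)",
               (clean["recipient"], clean["currency"],
                clean["amount_cents"], clean["scheduled_for"]))
    return {}
```

The same rules can be mirrored in the browser for immediate feedback, but only the server-side result decides whether the request is processed.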

Instructions

For details, refer to the information provided in this file: global validation