All external input to the system should undergo input validation.
The validation rules are defined by the business requirements for the application.
Input validation is more than checking form field values.
Until recently, most computer systems in the UK were configured to use the ISO Western character set.
In Welsh-speaking areas, and to a lesser extent in Scottish and Irish Gaelic-speaking areas, computer systems may alternatively have been configured to use the ISO Celtic character set.
Such a range is defined by the business requirements of the input field.
The other approach to data validation is "known bad", which is a black list of "bad characters".
A single character, such as a period/full-stop (.), may be represented in many different ways: ASCII 2E, Unicode C0 AE, and many others.
With the myriad ways of encoding user input, a web application's filters can be easily circumvented if they're not carefully built.
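The following sketch is an added example, not code from the original page. It contrasts a "known bad" check on raw input with a "known good" check applied only after the input has been reduced to one canonical form. The file-name rule, the decode-round limit and all function names are assumptions made for illustration, and the sample inputs are constructed.

```python
import re
import unicodedata
from urllib.parse import unquote_to_bytes

# Assumed business rule for a file-name field: name, one dot, short extension.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,8}")
MAX_DECODE_ROUNDS = 3  # assumed limit on nested percent-encoding

def naive_known_bad(raw: str) -> bool:
    """Black-list check on raw input: accepts anything without a literal '..'."""
    return ".." not in raw

def canonicalize(raw: str) -> str:
    """Reduce input to one canonical form, or raise ValueError."""
    data = raw.encode("utf-8")
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    else:
        raise ValueError("too many layers of percent-encoding")
    # Strict decoding rejects the byte pair C0 AE (an overlong form of ".").
    text = data.decode("utf-8", errors="strict")
    # NFKC folds compatibility characters such as U+FF0E onto ASCII 2E.
    return unicodedata.normalize("NFKC", text)

def validate_filename(raw: str) -> bool:
    """White-list check applied to the canonical form only."""
    try:
        canonical = canonicalize(raw)
    except ValueError:  # includes UnicodeDecodeError
        return False
    return ALLOWED.fullmatch(canonical) is not None

# Constructed sample inputs, one per representation of the period.
SAMPLES = [
    "report.pdf",
    "%2e%2e/secret.txt",         # percent-encoded ASCII 2E
    "%c0%ae%c0%ae/secret.txt",   # C0 AE form mentioned above
    "%252e%252e/secret.txt",     # percent-encoded twice
    "\uff0e\uff0e/secret.txt",   # fullwidth full stop
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:34} known-bad accepts: {naive_known_bad(s)!s:5} "
              f"known-good accepts: {validate_filename(s)}")
```

Every encoded sample passes the black-list check, while the white-list check accepts only `report.pdf`.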
*The maximum size limit for file upload is 2 megabytes.
and also many historic systems of significant academic interest.
Input validation is one of the most effective technical controls for application security.
It can mitigate numerous vulnerabilities including cross-site scripting, various forms of injection, and some buffer overflows.
This approach is not future proof and would need maintenance.