Input Sanitizer
Verified
Implements comprehensive server-side input validation and sanitization for APIs and web forms to prevent injection attacks and data corruption.
Install
Claude Code
Copy the SKILL.md file to your project's .claude/skills/ directory.
About This Skill
Input Sanitizer generates comprehensive, defense-first input validation and sanitization layers for APIs and web applications. It follows the principle: validate at the trust boundary, sanitize before storage, and encode at output for the context the data lands in (HTML, SQL parameter, shell argument), since no single stored representation is safe for every sink.
Validation Strategy
Schema-Based Validation (Type Safety)
Generates strict schema definitions using:
- **Zod** (TypeScript): runtime type checking with inferred TypeScript types
- **Joi** (Node.js): flexible validation with detailed error messages
- **Pydantic** (Python): model-based validation with FastAPI integration
- **Marshmallow** (Python, Flask): serialization and validation combined
- Every schema enforces:
  - Exact field types (no implicit coercion: `"1"` is not `1`, and `true` is not `1`)
  - Required vs optional fields, with `null`/`undefined` rejected for required fields rather than treated as absent
  - Maximum string lengths so oversized inputs cannot exhaust memory, storage columns, or downstream parsers
  - Allowed value enumerations where applicable
  - Nested objects validated recursively, with unknown fields rejected rather than passed through to the model
Business Rule Validation
Beyond type checking, validates business semantics:
- Date ranges (end must be after start)
- Cross-field dependencies (shipping address required if order has physical items)
- Format validation (email as an RFC 5321 address-syntax subset, phone in E.164, URL scheme allowlist rather than a blocklist)
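The schema rules and the business rules above, carried out in one place as an added example written for this page; it is not code generated by the skill. It is standard-library Python so that it runs without Zod or Pydantic; a generated schema would express the same checks declaratively in one of the libraries listed. The order shape, the country enumeration, the https-only scheme allowlist, the field names and the two sample payloads are all assumptions made for the example.

```python
"""Strict schema and business-rule validation for an order payload (added example, stdlib only)."""
import re
from datetime import date
from urllib.parse import urlsplit

ALLOWED_FIELDS = {"email", "website", "items", "delivery_start", "delivery_end", "shipping_address"}
COUNTRIES = {"DE", "GB", "US"}          # assumed enumeration for the example
URL_SCHEMES = {"https"}                 # allowlist: javascript:, data:, file: never match
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@(?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}")

def err(field, code, message):
    """Uniform field-level error record; the HTTP layer serialises a list of these."""
    return {"field": field, "code": code, "message": message}

def check_str(v, field, errors, max_len, choices=None, pattern=None):
    """Exact string type (no coercion from numbers), length cap, optional enum and pattern."""
    if not isinstance(v, str):
        errors.append(err(field, "type", "must be a string"))
    elif len(v) > max_len:
        errors.append(err(field, "max_length", f"must be at most {max_len} characters"))
    elif choices is not None and v not in choices:
        errors.append(err(field, "enum", f"must be one of {sorted(choices)}"))
    elif pattern is not None and not pattern.fullmatch(v):
        errors.append(err(field, "format", "has an invalid format"))
    else:
        return True
    return False

def check_int(v, field, errors, lo, hi):
    """Exact integer; bool is a subclass of int in Python, so it is rejected explicitly."""
    if isinstance(v, bool) or not isinstance(v, int):
        errors.append(err(field, "type", "must be an integer"))
    elif not lo <= v <= hi:
        errors.append(err(field, "range", f"must be between {lo} and {hi}"))

def parse_date(v, field, errors):
    """Calendar date given as a YYYY-MM-DD string; None after recording an error."""
    try:
        return date.fromisoformat(v) if check_str(v, field, errors, 10) else None
    except ValueError:
        errors.append(err(field, "format", "must be a YYYY-MM-DD date"))

def validate_address(addr, prefix, errors):
    """Nested object validated recursively, reporting dotted field paths."""
    if not isinstance(addr, dict):
        errors.append(err(prefix, "type", "must be an object"))
        return
    for key, max_len in (("line1", 120), ("city", 80)):
        check_str(addr.get(key), f"{prefix}.{key}", errors, max_len)
    check_str(addr.get("country"), f"{prefix}.country", errors, 2, choices=COUNTRIES)

def validate_order(payload):
    """Return a list of field errors; an empty list means every rule passed."""
    if not isinstance(payload, dict):
        return [err("", "type", "body must be a JSON object")]
    errors = [err(k, "unknown_field", "is not an allowed field") for k in sorted(set(payload) - ALLOWED_FIELDS)]
    for key in ("email", "items", "delivery_start", "delivery_end"):
        if key not in payload:
            errors.append(err(key, "required", "is required"))
    if "email" in payload:  # present-but-null fails the string type check
        check_str(payload["email"], "email", errors, 254, pattern=EMAIL_RE)
    if "website" in payload and check_str(payload["website"], "website", errors, 2048):
        parts = urlsplit(payload["website"])
        if parts.scheme not in URL_SCHEMES or not parts.netloc:
            errors.append(err("website", "scheme", "must be an https URL"))
    physical = False
    if "items" in payload:
        items = payload["items"]
        if not isinstance(items, list) or not 1 <= len(items) <= 50:
            errors.append(err("items", "type", "must be a list of 1 to 50 items"))
        else:
            for i, item in enumerate(items):
                if not isinstance(item, dict):
                    errors.append(err(f"items[{i}]", "type", "must be an object"))
                    continue
                check_str(item.get("sku"), f"items[{i}].sku", errors, 40)
                if check_str(item.get("kind"), f"items[{i}].kind", errors, 8, choices={"physical", "digital"}):
                    physical = physical or item["kind"] == "physical"
                check_int(item.get("quantity"), f"items[{i}].quantity", errors, 1, 100)
    # Business rules only see values that already passed the type checks above.
    start = parse_date(payload["delivery_start"], "delivery_start", errors) if "delivery_start" in payload else None
    end = parse_date(payload["delivery_end"], "delivery_end", errors) if "delivery_end" in payload else None
    if start and end and end <= start:
        errors.append(err("delivery_end", "range", "must be after delivery_start"))
    if physical and "shipping_address" not in payload:
        errors.append(err("shipping_address", "required", "is required when the order has physical items"))
    elif "shipping_address" in payload:
        validate_address(payload["shipping_address"], "shipping_address", errors)
    return errors

GOOD_ORDER = {"email": "buyer@example.com", "website": "https://example.com/",   # constructed sample
              "items": [{"sku": "BOOK-1", "kind": "physical", "quantity": 2}],
              "delivery_start": "2024-05-01", "delivery_end": "2024-05-03",
              "shipping_address": {"line1": "1 Main St", "city": "Springfield", "country": "US"}}
BAD_ORDER = {"email": "buyer@example.com", "website": "javascript:alert(1)", "role": "admin",  # trips five rules
             "items": [{"sku": "BOOK-1", "kind": "physical", "quantity": "2"}],
             "delivery_start": "2024-05-03", "delivery_end": "2024-05-01"}
```

`validate_order(BAD_ORDER)` reports the unknown `role` field, the `javascript:` URL, the string quantity, the inverted date range and the missing shipping address as five separate field errors, while `validate_order(GOOD_ORDER)` returns an empty list. Collecting every error instead of stopping at the first is what lets the response layer give field-level feedback in one round trip.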
Sanitization Operations
String Sanitization
- HTML tag stripping for plain text fields (the result is still data, not markup, and is encoded again at output)
- Whitespace normalization
- Unicode normalization (NFKC) before any other check, so full-width and compatibility characters cannot slip past tag and pattern filters; homograph defence additionally needs a mixed-script check, because NFKC does not unify Cyrillic and Latin look-alikes
- Path traversal prevention for filename inputs: reduce the name to its final path component and allowlist its characters rather than deleting `../` substrings, which a payload such as `....//` survives
File Upload Validation
- MIME type verification against file magic bytes (not just extension); the declared Content-Type, the extension and the sniffed type must all agree
- Maximum file size enforcement, checked before the body is buffered in full
- Image dimension validation for image uploads (a small file declaring huge dimensions is a decompression bomb)
- Filename sanitization (special characters, reserved Windows names)
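The string sanitization and upload checks from the two lists above, as an added example written for this page rather than output of the skill. It is standard-library Python; the magic-byte table, the reserved-name list, the allowlisted characters and the sample file headers are constructed for the example, and the script-name heuristic used for homographs is an approximation of a proper Unicode confusables check rather than a replacement for one.

```python
"""Text sanitization and upload checks for untrusted input (added example, stdlib only)."""
import re
import struct
import unicodedata
from html.parser import HTMLParser

_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")
_UNSAFE_NAME = re.compile(r"[^A-Za-z0-9._-]")
_RESERVED = {"CON", "PRN", "AUX", "NUL", *(f"COM{i}" for i in range(1, 10)), *(f"LPT{i}" for i in range(1, 10))}

class _TextOnly(HTMLParser):
    """Keeps text nodes, drops every tag and attribute, and skips script/style bodies entirely."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def strip_tags(markup):
    parser = _TextOnly()
    parser.feed(markup)
    parser.close()
    return "".join(parser.parts)

def clean_text(value):
    """Plain-text field: NFKC first, so full-width '＜script＞' becomes '<script>' and is stripped too."""
    text = strip_tags(unicodedata.normalize("NFKC", value))
    text = _CONTROL.sub("", text)
    return re.sub(r"\s+", " ", text).strip()   # whitespace normalisation; result is data, encode at output

def scripts_used(value):
    """Unicode scripts of the letters in value, taken from the character-name prefix (a heuristic).
    A username mixing LATIN and CYRILLIC is a homograph signal that NFKC alone never catches."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0] for ch in value if ch.isalpha()}

def safe_filename(name, fallback="upload"):
    """Final path component only (both separators), allowlisted characters, no reserved Windows names."""
    name = re.split(r"[\\/]", unicodedata.normalize("NFKC", name))[-1]
    name = _UNSAFE_NAME.sub("_", name).strip(".")        # no dotfiles, no '..', no trailing dots
    name = re.sub(r"\.{2,}", ".", name)
    if not name:
        return fallback
    if name.split(".")[0].upper() in _RESERVED:
        name = "_" + name
    return name[:255]

MAGIC = {b"\x89PNG\r\n\x1a\n": "image/png", b"\xff\xd8\xff": "image/jpeg",
         b"GIF87a": "image/gif", b"GIF89a": "image/gif", b"%PDF-": "application/pdf"}
EXTENSIONS = {"image/png": {"png"}, "image/jpeg": {"jpg", "jpeg"}, "image/gif": {"gif"}, "application/pdf": {"pdf"}}

def sniff_mime(data):
    """Type according to the leading bytes, never according to the client's Content-Type."""
    return next((mime for magic, mime in MAGIC.items() if data.startswith(magic)), None)

def png_dimensions(data):
    """Width and height from IHDR, the chunk that must directly follow the 8-byte signature."""
    if len(data) < 24 or data[12:16] != b"IHDR":
        return None
    return struct.unpack(">II", data[16:24])

def validate_upload(filename, declared_mime, data, max_bytes=5_000_000, max_dim=4096):
    """Return a list of (code, message); empty means the upload is accepted."""
    problems = []
    if len(data) > max_bytes:
        problems.append(("size", f"file exceeds {max_bytes} bytes"))
    sniffed = sniff_mime(data)
    if sniffed is None:
        return problems + [("type", "file content is not an allowed type")]
    if sniffed != declared_mime:
        problems.append(("type", f"declared {declared_mime} but content is {sniffed}"))
    extension = safe_filename(filename).rsplit(".", 1)[-1].lower()
    if extension not in EXTENSIONS[sniffed]:
        problems.append(("extension", f".{extension} does not match {sniffed}"))
    if sniffed == "image/png":
        dims = png_dimensions(data)
        if dims is None or min(dims) == 0 or max(dims) > max_dim:
            problems.append(("dimensions", f"image must be between 1x1 and {max_dim}x{max_dim}"))
    return problems

# Constructed samples: a PNG signature plus an IHDR declaring 64x48 (not a complete image), and a bare JPEG header.
PNG_64x48 = b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR" + struct.pack(">II", 64, 48) + b"\x08\x06\x00\x00\x00"
PNG_HUGE = PNG_64x48[:16] + struct.pack(">II", 40000, 40000) + PNG_64x48[24:]
JPEG_STUB = b"\xff\xd8\xff\xe0" + b"\x00" * 12
```

Normalising before stripping is the order that matters: `clean_text` turns the full-width `＜script＞alert(1)＜/script＞` into a real tag and removes it, whereas stripping first would leave the full-width text intact for a later NFKC step to turn into live markup. `safe_filename` never tries to delete `../`; it keeps only what follows the last separator, so `....//....//etc/passwd` and `..\..\windows\win.ini` collapse to `passwd` and `win.ini`. `validate_upload` rejects a JPEG uploaded as `photo.png` with `Content-Type: image/png` on both the type and the extension check, and rejects a 29-byte PNG header claiming 40000x40000 pixels before any decoder allocates that buffer.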
Error Handling
- Generates validation error responses that:
  - Are consistent across all endpoints
  - Include field-level error details for form feedback
  - Never expose internal implementation details (no stack traces, library error strings or schema internals; an unexpected failure gets a generic message plus a correlation id that is logged server-side)
  - Use HTTP 422 Unprocessable Entity for validation failures (400 Bad Request for bodies that cannot be parsed at all)
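The error-response rules above, as an added example written for this page and not code produced by the skill. `handle_request`, `require_name` and `crashing_handler` are hypothetical names introduced for the illustration, the validator is a stand-in for a generated schema, and the envelope shape is one consistent choice rather than the skill's own format.

```python
"""Consistent API error envelopes that never leak internals (added example, not the skill's own code)."""
import json
import logging
import uuid

log = logging.getLogger("api")

def envelope(status, code, errors=(), request_id=None):
    """Every non-2xx response has this exact shape, whichever endpoint produced it."""
    body = {"status": status, "error": code, "errors": list(errors)}
    if request_id is not None:
        body["request_id"] = request_id
    return status, body

def handle_request(raw_body, validator, handler):
    """Parse (400 on bad syntax), validate (422 with field errors), then run the handler (500 on any fault)."""
    try:
        payload = json.loads(raw_body)
    except json.JSONDecodeError:
        return envelope(400, "malformed_json",
                        [{"field": "", "code": "syntax", "message": "request body is not valid JSON"}])
    errors = validator(payload)           # list of {"field", "code", "message"} dicts, empty when valid
    if errors:
        return envelope(422, "validation_failed", errors)
    try:
        return 200, handler(payload)
    except Exception:
        request_id = uuid.uuid4().hex     # correlates the client's report with the server-side log entry
        log.exception("unhandled error in handler request_id=%s", request_id)
        return envelope(500, "internal_error", request_id=request_id)

def require_name(payload):
    """Hypothetical validator standing in for a generated schema: one required non-empty string field."""
    if isinstance(payload, dict) and isinstance(payload.get("name"), str) and payload["name"]:
        return []
    return [{"field": "name", "code": "required", "message": "is required"}]

def crashing_handler(payload):
    """Stand-in for a handler that hits an internal fault; its message must never reach the client."""
    raise RuntimeError("connection to db-primary:5432 refused for user app_rw")
```

The three failure paths produce the same `{"status", "error", "errors"}` body, so a client can parse every error the same way; the 500 path adds only an opaque `request_id`, and the hostname, port and database user in the exception message stay in the server log where `log.exception` wrote the full traceback.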
Use Cases
- Adding schema validation to REST API request bodies with Zod or Joi
- Implementing file upload validation for type, size, and content safety checks
- Sanitizing rich text editor output before storing in database (allowlist-based HTML sanitization, since plain tag stripping would discard the formatting the editor produced)
- Building reusable validation middleware for multi-route Express or FastAPI applications
Pros & Cons
Pros
- Multiple validation library support: Zod, Joi, Pydantic, Marshmallow
- File upload validation against MIME magic bytes, not just file extension
- Unicode normalization (NFKC) closes encoding bypasses; homograph defence needs the additional mixed-script check
- Consistent validation error response format across all endpoints
Cons
- Generated validation rules must be reviewed against specific business requirements; they are a starting point
- Overly strict validation may reject edge-case valid inputs; tune thresholds after testing