Forget-me-not

Ok, now we do context-specific escaping near the sink and follow the Least Power Principle. There is one more thing.
If your application is more complex than a simple contact form, then you have multiple sources which lead to the same sink. And here a problem arises: the knowledge regarding the validity of source data exists only in a limited context (see variable scope). Usually, when we go out of scope (e.g. call a function), we lose that knowledge, in other words we forget whether a certain input was validated, so in the best case we have to validate again here and there, and in the worst case we blindly assume that validation was done before. This causes a problem known as Shotgun Parsing:
Shotgun parsing is a programming antipattern whereby parsing and input-validating code is mixed with and spread across processing code — throwing a cloud of checks at the input, and hoping, without any systematic justification, that one or another would catch all the “bad” cases.
To keep the knowledge you may use Hungarian notation or something similar to encode information in the name that cannot be encoded in the type.
But relying on a convention or notation is not an option when we are talking about application security. You need something stronger, something that prevents even the theoretical loss of this knowledge:
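The following is an added example, not code from the original post, showing the difference between the two approaches above in TypeScript: a name-based convention (`validEmail`) that the compiler cannot enforce beside a branded type that carries the "this was validated" knowledge across function boundaries, so the sink needs no second check. The names `Email`, `parseEmail`, `buildMailHeader` and `headersForSources`, and the deliberately simple validation rule, are assumptions made for the illustration.

```typescript
// Added example (not from the original post): encoding "this input has been
// validated" in the TYPE rather than in a NAME, so the knowledge survives
// every function call instead of being lost when a variable goes out of scope.
// `Email`, `parseEmail`, `buildMailHeader`, `headersForSources` are illustrative names.

// A branded (nominal) type: at runtime it is a plain string, but a plain string
// does not type-check where an Email is required. The brand property never
// exists at runtime; it only exists for the compiler.
type Email = string & { readonly __brand: "Email" };

// The one place where validation happens. Instead of returning a boolean that a
// caller may ignore, it returns the evidence itself (a value of type Email) or null.
function parseEmail(raw: string): Email | null {
  // Deliberately simple shape check, constructed for the example:
  // no whitespace, exactly one '@', a non-empty local part, a dotted domain.
  if (/\s/.test(raw)) return null;
  const parts = raw.split("@");
  if (parts.length !== 2 || parts[0].length === 0) return null;
  const domain = parts[1];
  if (!domain.includes(".") || domain.startsWith(".") || domain.endsWith(".")) return null;
  return raw as Email; // the only way to mint an Email is to pass the check
}

// Sink: accepts only validated input. No re-validation, no "hope someone checked".
function buildMailHeader(to: Email): string {
  return `To: ${to}`;
}

// Hungarian-notation variant: the NAME promises validated data, but nothing
// stops a caller from passing any string, so the sink has to re-check or trust.
function buildMailHeaderByName(validEmail: string): string {
  return `To: ${validEmail}`;
}

// Several sources (form field, query string, API payload) feeding one sink.
// Validation happens once, at the boundary; everything after it works on Email.
function headersForSources(sources: string[]): { ok: string[]; rejected: string[] } {
  const ok: string[] = [];
  const rejected: string[] = [];
  for (const raw of sources) {
    const email = parseEmail(raw);
    if (email === null) {
      rejected.push(raw);
    } else {
      ok.push(buildMailHeader(email));
    }
  }
  return { ok, rejected };
}

// The compiler enforces the contract: an unchecked string cannot reach the sink.
function cannotSkipValidation(raw: string): void {
  // @ts-expect-error - string is not assignable to Email; knowledge of validity is required
  buildMailHeader(raw);
  buildMailHeaderByName(raw); // compiles: the convention is not enforced
}
```

Because `Email` can only be produced by `parseEmail`, every path from any source to `buildMailHeader` is forced through the single validation point, which is exactly the property a scattered set of ad hoc checks cannot give you.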
Type Driven Development comes to the rescue