Missing Input Validation

Finds form inputs without proper validation attributes that could be exploited.

Why This Is Bad

Without limits, a bot can paste a 1 million character message and crash your database or fill up your storage.

How To Fix

Add validation attributes to your form inputs:

tsx

// Before (VULNERABLE)
<input type="text" name="message" />

// After (PROTECTED)
<input 
  type="text" 
  name="message" 
  required 
  maxLength={500}
  minLength={1}
/>

For server-side validation, use Zod or similar:

typescript

import { z } from 'zod';

const MessageSchema = z.object({
  message: z.string().min(1).max(500),
});

When You Pass This Check

All your form inputs have proper validation. Nice work!

Check If Your Repo Has This Issue

Our free scanner will detect this and 17 other common issues in your codebase.