Validating data input
If the input is well-structured data, such as dates, social security numbers, zip codes or e-mail addresses, the developer should be able to define a very strong validation pattern, usually based on regular expressions, and reject anything that does not match it. Detailed information on XSS prevention is in the OWASP XSS Prevention Cheat Sheet. Many websites also allow users to upload files, such as a profile picture, and such uploads need their own validation. Many web applications do not treat email addresses correctly because of common misconceptions about what constitutes a valid address.
Input validation should happen as early as possible in the data flow, preferably as soon as the data is received from the external party.
To normalise an email address, convert the domain part ONLY to lowercase. The domain is case-insensitive, but the local part (the mailbox name before the "@") is interpreted by the receiving mail server and may be case-sensitive, so changing its case can silently turn the address into a different one.
Unfortunately this does, and will continue to, make input harder to normalise and to match correctly to a user's intent.
When users enter data into your application, you may want to verify that the data is valid before your application uses it.
You may require that certain text fields not be empty, that a field be formatted as a telephone number or another type of well-formed data, or that a string not contain characters that could be used to attack a database. Note that such character filtering is a defence in depth measure, not a substitute for parameterised queries and output encoding.
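As an added example (not code from the original page), the following Python module puts these points together: anchored allow-list patterns for well-structured fields, an email check that lowercases only the domain part, and a single boundary function that validates a whole form as soon as it arrives and hands the application only typed, normalised values. The field names in the schema and the sample inputs are constructed for illustration.

```python
import re
from datetime import date

# Allow-list patterns for well-structured fields. They are anchored with \A
# and \Z rather than ^ and $: in Python, $ also matches just before a trailing
# newline, so "12345\n" would slip through a $-anchored pattern.
ZIP_RE = re.compile(r"\A\d{5}(?:-\d{4})?\Z")
DATE_RE = re.compile(r"\A(\d{4})-(\d{2})-(\d{2})\Z")
# Deliberately simple email shape: a local part of 1-64 characters without
# whitespace or "@", one "@", then dot-separated labels ending in a TLD.
# It is a syntactic sanity check, not a proof that the mailbox exists.
EMAIL_RE = re.compile(
    r"\A([^@\s]{1,64})@((?:[A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63})\Z"
)


class ValidationError(ValueError):
    """Raised at the trust boundary when a field fails its allow-list check."""


def validate_zip(value: str) -> str:
    if not ZIP_RE.match(value):
        raise ValidationError("zip: expected 12345 or 12345-6789")
    return value


def validate_date(value: str) -> date:
    """Pattern match first, then a semantic check via the date constructor,
    which rejects impossible calendar dates such as 2024-02-30."""
    m = DATE_RE.match(value)
    if not m:
        raise ValidationError("date: expected YYYY-MM-DD")
    try:
        return date(int(m.group(1)), int(m.group(2)), int(m.group(3)))
    except ValueError as exc:
        raise ValidationError(f"date: {exc}") from None


def normalise_email(value: str) -> str:
    """Validate the shape and lowercase ONLY the domain; the local part is left
    exactly as entered because the receiving server decides its meaning."""
    m = EMAIL_RE.match(value.strip())
    if not m:
        raise ValidationError("email: not a syntactically valid address")
    local, domain = m.group(1), m.group(2)
    return f"{local}@{domain.lower()}"


# Hypothetical sign-up form: field name -> validator. Anything not listed here
# is rejected outright instead of being passed on to the application.
SIGNUP_SCHEMA = {
    "email": normalise_email,
    "zip": validate_zip,
    "birth_date": validate_date,
}


def validate_signup(fields: dict) -> dict:
    """Validate a whole form where it enters the system. Unknown and missing
    keys are errors, and the caller only ever sees normalised, typed values."""
    unexpected = set(fields) - set(SIGNUP_SCHEMA)
    if unexpected:
        raise ValidationError(f"unexpected fields: {sorted(unexpected)}")
    missing = set(SIGNUP_SCHEMA) - set(fields)
    if missing:
        raise ValidationError(f"missing fields: {sorted(missing)}")
    return {name: SIGNUP_SCHEMA[name](fields[name]) for name in SIGNUP_SCHEMA}


def rejected(validator, value) -> bool:
    """True if the validator refuses the value (handy for demos and tests)."""
    try:
        validator(value)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample submission, as it might arrive from an HTTP form.
    form = {"email": "Ann.Lee@Example.COM", "zip": "94110", "birth_date": "1990-07-04"}
    print(validate_signup(form))
    for bad in ["12345\n", "9411", "94110-12"]:
        print(repr(bad), "rejected:", rejected(validate_zip, bad))
    for bad in ["no-at-sign", "a@b", "a@@b.com", "a b@example.com"]:
        print(repr(bad), "rejected:", rejected(normalise_email, bad))
```

The boundary function is where the "as early as possible" rule becomes concrete: nothing downstream ever handles a raw form dictionary, and a request that carries an extra or malformed field fails before any business logic or database code runs.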