This is a question, it is also very clear…
HTML5 forms spec from w3c – pattern
To create a secure form with a clean url
* you should use post (as you are)
* you should include a CSRF token, known in WP as a nonce, to verify the source of the request (this “nonce” means something wholly different in the UK btw)
* you should make sure an SSL certificate is installed on the server and has been checked out to not include vulnerabilities
* you should make good use of attributes like required, pattern etc where advantageous
* you should try to checksum the input using JS (focus on smaller forms)
On the backend this could mean
* checking the CSRF
* verifying checksums
* validating data using filters and custom functions (google php-seclib, it would be a start)
other things
* try to ensure UTF-8 encoding on forms and always add the attributes for sending multipart
* ensure you do not enter anything into a database or storage system without sanitizing first (removing poison bytes, script & html tags etc)
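The checklist in the reply above, pulled together into one WordPress form handler, as an added example (it is not code from the forum post, nor from WordPress core or any plugin). It covers the POST method, the nonce as CSRF token, `required`/`pattern`/`maxlength` on the inputs, UTF-8 on the form, server-side verification and validation, and sanitizing before the insert. The shortcode name `secure_contact`, the nonce action `secure_contact_submit`, the field names and the table `{$wpdb->prefix}contact_messages` (columns `name`, `email`, `message`, `created_at`) are assumptions for the example; the JS checksum and the SSL certificate setup from the post are outside this snippet.

```php
<?php
// Added example, not the post's or WordPress' own code. Assumed names:
// shortcode [secure_contact], nonce action 'secure_contact_submit',
// table {$wpdb->prefix}contact_messages (name, email, message, created_at).

add_shortcode( 'secure_contact', 'secure_contact_render_form' );
add_action( 'template_redirect', 'secure_contact_handle_post' );

// Front end: POST, UTF-8, nonce field, and client-side constraints.
// The client-side attributes are a convenience only; the server re-checks everything.
function secure_contact_render_form() {
    ob_start();
    ?>
    <form method="post" action="" accept-charset="UTF-8">
        <?php wp_nonce_field( 'secure_contact_submit', 'secure_contact_nonce' ); ?>
        <p><label>Name
            <input type="text" name="sc_name" required maxlength="80"
                   pattern="[\p{L}' .-]{2,80}"></label></p>
        <p><label>Email
            <input type="email" name="sc_email" required maxlength="254"></label></p>
        <p><label>Message
            <textarea name="sc_message" required maxlength="2000"></textarea></label></p>
        <p><button type="submit" name="sc_submit" value="1">Send</button></p>
    </form>
    <?php
    return ob_get_clean();
}

// Back end: verify the nonce, validate, sanitize, then store with a prepared insert.
function secure_contact_handle_post() {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) || ! isset( $_POST['sc_submit'] ) ) {
        return;
    }

    // 1. CSRF check: a missing nonce, or one minted for another action, is rejected.
    $nonce = isset( $_POST['secure_contact_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['secure_contact_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'secure_contact_submit' ) ) {
        wp_die( 'Invalid form submission.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. Sanitize first (strips tags, null bytes, stray control characters), then
    //    validate the cleaned value with the same rules the HTML attributes express.
    $name    = sanitize_text_field( wp_unslash( $_POST['sc_name'] ?? '' ) );
    $email   = sanitize_email( wp_unslash( $_POST['sc_email'] ?? '' ) );
    $message = sanitize_textarea_field( wp_unslash( $_POST['sc_message'] ?? '' ) );

    $errors = array();
    if ( ! preg_match( "/^[\\p{L}' .-]{2,80}$/u", $name ) ) {
        $errors[] = 'name';
    }
    if ( ! is_email( $email ) ) {
        $errors[] = 'email';
    }
    if ( '' === $message || mb_strlen( $message, 'UTF-8' ) > 2000 ) {
        $errors[] = 'message';
    }
    if ( $errors ) {
        wp_die( 'Invalid field(s): ' . esc_html( implode( ', ', $errors ) ), 'Bad Request',
                array( 'response' => 400 ) );
    }

    // 3. Storage: $wpdb->insert() builds a prepared statement; the '%s' formats keep
    //    every value a string, so nothing from the request is concatenated into SQL.
    global $wpdb;
    $ok = $wpdb->insert(
        $wpdb->prefix . 'contact_messages',
        array(
            'name'       => $name,
            'email'      => $email,
            'message'    => $message,
            'created_at' => current_time( 'mysql', true ),
        ),
        array( '%s', '%s', '%s', '%s' )
    );
    if ( false === $ok ) {
        wp_die( 'Could not save your message.', 'Error', array( 'response' => 500 ) );
    }

    // Redirect after POST so a refresh does not resubmit the form.
    $back = wp_get_referer() ? wp_get_referer() : home_url( '/' );
    wp_safe_redirect( add_query_arg( 'sc_sent', '1', $back ) );
    exit;
}
```

Two things worth knowing when using nonces this way on a public form: a WordPress nonce is only valid for a limited window (it rolls over on a 12-hour tick and is accepted for up to 24 hours), so a page cached for longer than that will submit a stale token, and for logged-out visitors the nonce is not bound to an individual session, so it stops cross-site forgery from a third-party page but is not a per-visitor secret. Anything read back out of the table should still go through `esc_html()` at output time; sanitizing on the way in does not replace escaping on the way out.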