The Cost of User Input Sanitizing
You might have heard of ‘user input validation’. That’s all cool and dandy, but have you heard of ‘user input sanitizing’? It is a concept as important as validation. The former checks for validity of the user input, and the latter prepares the user input for further processing by the software.
Now, you might think that proper validation mostly eliminates the need for sanitizing. But that’s the wrong mindset. In the age of UX, software is expected to fit human needs, and not the other way around, so sanitizing input becomes even more important than just validating it. It’s done not only for security reasons, but also to make users’ lives easier.
Here I’ll illustrate with a real-life example why this is so important, and why it costs a lot if you do not care.
I use Moneygram from time to time to receive money from friends and relatives.
As with all money-related services, Moneygram uses software to manage the transactions. And software is operated by clerks. Now, clerks aren’t exactly the brightest folks on the planet when it comes to working with software systems. They may or may not have read manuals, but they tend to make mistakes. And if the UX of the software is not top-notch, this can lead to unpleasant delays and mistakes that cost people time and money.
Recently, I went to pick up some cash. I was asked to fill in a form that is otherwise printed out by the Moneygram software, because the clerk could not figure out the error in the data input. 15 minutes after I’d filled in the form, the clerk managed to get ahold of support staff, and it turned out the error was the software getting stuck on dashes entered into the phone number field. It also has to be noted that the phone number is an optional field. I sometimes get asked for my phone number, and sometimes not. It should also be noted that the clerk was not able to explain the problem to the support staff. The only reason they figured it out is that the clerk spelled out the contents of each field to the support person.
It all boils down to user input sanitizing. In most programming languages it takes one line of code to remove any non-digit characters (including spaces) from the form. For example:
# Python
>>> import re
>>> phone_number = '123-456-7890'
>>> phone_number = re.sub(r'[^\d]+', '', phone_number)  # this line
>>> phone_number
'1234567890'
// JavaScript
> phoneNumber = '123-456-7890'
> phoneNumber = phoneNumber.replace(/[^\d]+/g, '') // this line
'1234567890'
Similar examples may include trimming input. I’ve seen too many cases where a leading and/or trailing space triggers all sorts of problems for the end user. Make it a habit to strip leading/trailing spaces.
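An added example (not from the original post and not Moneygram's code) that combines the digit stripping and trimming described above for an optional phone field, and validates only after sanitizing. The function names and the 7 to 15 digit bound are assumptions made for illustration.

```python
import unicodedata

# Assumed bounds for this example: 7 to 15 digits (15 is the E.164 maximum).
MIN_DIGITS, MAX_DIGITS = 7, 15


def sanitize_phone(raw):
    """Return the ASCII digits of an optional phone field, or None if blank."""
    if raw is None or not raw.strip():
        return None  # optional field left empty or filled with whitespace
    # In Python 3, \d also matches non-ASCII decimal digits (full-width,
    # Arabic-Indic, ...). Map every decimal digit to ASCII and drop the rest,
    # so downstream code only ever sees 0-9.
    return "".join(
        str(unicodedata.decimal(ch)) for ch in raw if ch.isdecimal()
    )


def process_phone_field(raw):
    """Sanitize first, validate second. Returns (value, error_message)."""
    digits = sanitize_phone(raw)
    if digits is None:
        return None, None  # blank optional field is accepted as "no phone"
    if not MIN_DIGITS <= len(digits) <= MAX_DIGITS:
        # Name the field and the rule so the operator can act on the error.
        return None, (
            f"Phone number: expected {MIN_DIGITS}-{MAX_DIGITS} digits, "
            f"got {len(digits)}."
        )
    return digits, None


if __name__ == "__main__":
    # Constructed sample inputs, not real data.
    samples = ["123-456-7890", "  (123) 456 7890 ", "", "１２３ ４５６ ７８９０", "12-34"]
    for sample in samples:
        print(repr(sample), "->", process_phone_field(sample))
```

The error message names the field and the rule that failed, so the person at the keyboard can tell which input to correct.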
There are more common pitfalls, but they are outside this article’s scope.
It’s unbelievable that the Moneygram software fails to do proper sanitizing. The above one-liners take 5 seconds to write with decent typing skills in any language. And it saves customers anywhere from a minute (if the clerk has seen it before but is confused again) to 15 minutes (if it happens for the first time and the clerk needs to call support without any clue as to what the problem is) each time a clerk gets stuck on this. Moneygram is a world-wide service, so you can imagine how much time is lost on this single mistake world-wide every day.




