Validate and sanitize all user input | BeforeMerge Rules | BeforeMerge

Validate and sanitize all user input | BeforeMerge Rules | BeforeMerge

Why This Matters

User input is untrusted. Validate at the boundary:

import { z } from "zod"
 
const schema = z.object({
  email: z.string().email(),
  name: z.string().min(1).max(100),
  role: z.enum(["member", "admin"]),
})
 
export async function inviteUser(input: unknown) {
  const data = schema.parse(input)  // Throws on invalid input
  // ... safe to use data
}