Update Input Validation

[otkd]

• Clarify Server-side & Client-side recommendations
• Add references
• Style changes for uniformity

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

:triangular_flag_on_post: If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

Please make sure that for your contribution:

• [x] In case of a new Cheat Sheet, you have used the Cheat Sheet template.
• [x] All the markdown files do not raise any validation policy violation, see the policy.
• [x] All the markdown files follow these format rules.
• [x] All your assets are stored in the assets folder.
• [x] All the images used are in the PNG format.
• [x] Any references to websites have been formatted as [TEXT](URL)
• [x] You verified/tested the effectiveness of your contribution (e.g., the defensive code proposed is really an effective remediation? Please verify it works!).
• [x] The CI build of your PR pass, see the build status here.

If your PR is related to an issue, please finish your PR text with the following line:

This PR covers issue #.

Thank you again for your contribution :smiley:

[otkd]

My $.02: "Whitelist" was in the dictionary (e.g., see https://dictionary.cambridge.org/us/dictionary/english/whitelist). But while "allowlist" is it a lot of technical glossaries and is broadly used, I haven't yet found it in any prominent dictionary of the English language (of any variety). So, until it is--or if you can convince the Cambridge Dictionary, the American Heritage Dictionary, etc. to add it--I think we should continue to write it out as 2 hyphenated words, e.g., "allow-list". (Same with "block-list" if you changed that to "blocklist".) Other than that, LGTM.

This perhaps would be a reasonble approach if all terminology used by OWASP would be in general purpose dictionaries, however given the intended audience this is unlikely to be the case.

"Allowlist" is for example recommended by:

• NIST
• Inclusive Naming Initiative members: Cisco, Intel, Red Hat, Canonical, CNCF, Extreme Networks etc.
• Google
• Linux Kernel

[jmanico]

"allowlist" is the NIST standard. Dictionaries be dammed. Let's go with allowlist.

Other dictionaries that support this:

• https://en.wiktionary.org/wiki/allowlist
• https://www.collinsdictionary.com/submission/407714/allowlist
• https://compliancedictionary.com/term/384420