Whenever you receive insecure content, you may want to validate it first.
The framework has a handy class ready for this, it's called Validation.
This short example shows how to use it:
values = {
"register_username": "Ab"
};
var validation = new Validation();
validation.add("register_email","email");
validation.add("register_username","string", {
"min": 3,
"max": 12
}, {
"max": "The username is too long."
"": "The username is invalid."
});
validation.execute(values)(function(errors) {
if (errors.length) {
/*
* There have been errors
*/
} else {
/*
* Everything fine! Do whatever you like with
* validated elements at validation.getValidatedValues();
*/
}
});