Developing a MVC Component/Filter input from users
Fields in the xmlfiles can have filter-options to reduce the risk of injecting erroneous or malicious data in the forms in your component. From what I have found, the following filters are available by default, defined on line 162 in filterinput.php
INT / INTEGER: Forces Integer value UINT: Forces absolute Integer value FLOAT / DOUBLE: Forces floating point value BOOL / BOOLEAN: Forces the value to be true or false WORD: Allows only a-z (not case sensitive) and underscores ALNUM: Allow a-z and numbers CMD: allows ALNUM plus the characters _ (underscore) . (dot) - (dash) BASE64: Allows only a base64-encoded string (ALNUM and the characters + / = ) STRING: Removes HTML HTML: Allows basic HTML ARRAY: Forces value to be an array PATH: Forces value to be a file path USERNAME: Only characters allowed in a Joomla username RAW: Allow any content
There are probably more available by default, please edit this doc...