diff --git a/.wordlist-en.txt b/.wordlist-en.txt index a60b225b..b70114a8 100644 --- a/.wordlist-en.txt +++ b/.wordlist-en.txt @@ -535,3 +535,4 @@ BOPLA BOLA WebDAV tunable +allowlist diff --git a/docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md b/docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md index 6a78a01e..b049087b 100644 --- a/docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md +++ b/docs/en/04-design/02-web-app-checklist/04-encode-escape-data.md @@ -18,6 +18,7 @@ and use the list below as suggestions for a checklist that has been tailored for 5. Apply canonicalization to convert unicode data into a standard form 6. Ensure the output encoding is safe for all target systems 7. In particular sanitize all output used for operating system commands +8. Sanitize potentially dangerous characters before using the data to call another service #### 2. Contextual output encoding diff --git a/docs/en/04-design/02-web-app-checklist/05-validate-inputs.md b/docs/en/04-design/02-web-app-checklist/05-validate-inputs.md index e03d8bcc..7fc7032f 100644 --- a/docs/en/04-design/02-web-app-checklist/05-validate-inputs.md +++ b/docs/en/04-design/02-web-app-checklist/05-validate-inputs.md @@ -20,6 +20,7 @@ and use the list below as suggestions for a checklist that has been tailored for 8. Validate data range and also data length 9. Utilize canonicalization to address obfuscation attacks 10. All validation failures should result in input rejection +11. Validate all input against an allowlist of characters, whenever possible #### 2. Libraries and frameworks
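Review bot: In the 04-encode-escape-data.md hunk, the new item 8 ("Sanitize potentially dangerous characters before using the data to call another service") overlaps with item 7 (an operating system command is one such downstream service) and uses "sanitize" in a section whose subject is encoding and escaping; the two are different controls. Suggest rewording so the item names the technique and the target: "Encode or escape data according to the syntax of the service that will receive it (database query, LDAP, OS command, other API) before passing it on", and move it before item 7 so the OS-command item reads as the specific case of the general rule.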
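Review bot: In the 05-validate-inputs.md hunk, the new item 11 ("Validate all input against an allowlist of characters, whenever possible") lands after item 10 ("All validation failures should result in input rejection"), which reads as the closing rule of the list; placing the allowlist item before it keeps the rejection rule as the summary statement. The item is also narrower than it needs to be: allowlist validation applies to accepted values, formats and patterns as well as to characters (item 8 already validates range and length), so "an allowlist of accepted characters, values or formats" would cover the checklist's intent better. The matching .wordlist-en.txt addition of "allowlist" is the right fix for the spell check.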