When it comes to user-provided data, always take an approach of "guilty until proven innocent." With that in mind, we'll add two layers of validation: client-side and server-side. This will give us maximum assurance that we're receiving the correctly formatted input. Anything else will be rejected entirely.
View the relevant source code for this episode on GitHub.