2. [Mandatory] Sensitive user data must not be displayed directly. Displayed data must be desensitized.

4. [Mandatory] Any parameter supplied by a user must be validated.

6. [Mandatory] Form and AJAX submissions must pass a CSRF security check.

7. [Mandatory] Correct anti-replay restrictions, such as number restriction, fatigue control and verification code checking, must be used to prevent abuse of platform resources such as text messages, e-mail, telephone, orders and payments.

8. [Recommended] In scenarios where users generate content (e.g., posts, comments, instant messages), anti-scam word filtering and other risk control strategies must be applied.
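
The number restriction and fatigue control named in rule 7, shown for an SMS verification-code endpoint. This is an added example, not part of the original guideline: it applies a per-recipient cooldown and hourly cap together with a per-source-address cap, and records a send only when every check passes. The class and function names, thresholds, phone numbers and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class SlidingLimiter:
    """Cooldown plus windowed cap per key. In-process state only (hypothetical helper)."""
    def __init__(self, name, cooldown, max_in_window, window):
        self.name = name
        self.cooldown = cooldown            # fatigue control: min seconds between sends
        self.max_in_window = max_in_window  # number restriction: cap inside the window
        self.window = window                # window length in seconds
        self._sent = defaultdict(deque)     # key -> timestamps of accepted sends

    def blocked_reason(self, key, now):
        """Return None if a send is allowed at `now`, else why it is refused."""
        sent = self._sent[key]
        while sent and now - sent[0] >= self.window:
            sent.popleft()                  # forget sends that left the window
        if sent and now - sent[-1] < self.cooldown:
            return "cooldown"
        if len(sent) >= self.max_in_window:
            return "window_cap"
        return None

    def record(self, key, now):
        self._sent[key].append(now)

def allow_send(phone, client_ip, phone_limiter, ip_limiter, now):
    """Gate one SMS-code request on recipient and source; refusals are never recorded."""
    checks = [(phone_limiter, phone), (ip_limiter, client_ip)]
    for limiter, key in checks:
        reason = limiter.blocked_reason(key, now)
        if reason:
            return False, f"{limiter.name}:{reason}"
    for limiter, key in checks:
        limiter.record(key, now)            # commit only after every limiter agreed
    return True, "ok"

def demo():
    # Constructed thresholds and requests (assumptions, not values from the guideline).
    by_phone = SlidingLimiter("phone", cooldown=60, max_in_window=2, window=3600)
    by_ip = SlidingLimiter("ip", cooldown=0, max_in_window=3, window=3600)
    requests = [  # (seconds, phone, client_ip)
        (0, "+10000000001", "192.0.2.10"),
        (10, "+10000000001", "192.0.2.10"),   # same phone inside the cooldown
        (70, "+10000000001", "192.0.2.10"),
        (140, "+10000000001", "192.0.2.10"),  # third send to this phone in the hour
        (150, "+10000000002", "192.0.2.10"),
        (160, "+10000000003", "192.0.2.10"),  # fourth send from this address in the hour
    ]
    return [allow_send(p, ip, by_phone, by_ip, t) for t, p, ip in requests]
```

Checking both limiters before recording either keeps a request refused by the address cap from consuming the recipient's quota.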