User input comparison to white- or blacklists are through regular expression validation, which you can add to ADF Faces components and the ADF binding layer. Hint: It does not make sense to validate all user input fields against SQL injection. Data input that is only persisted in the data...