I don't want it to be so strict that I have to pre-code every possible interaction,

If any part of the users input can be passed to a shell or otherwise be executed without rigorous validation, you open chinks through which the bad guys may squeeze.

And rigorous validation of all possible interactions is going to be far harder than encoding (say) a dispatch table of all allowed interactions.