How do I add security to a textarea so the only thing that a user can enter (besides normal text) is a new line.
Example:
<textarea>
For some reason
I want this on 2 lines
</textarea>
Any other type of tags should not be allowed. I have done ALOT of tests with php security functions like htmlentities, strip_tags, nl2br, etc and I have not found anything that could do what I want. Any ideas?
UPDATE: I don’t have any examples of how htmlentities did not work for me, because that is from past experience, but if someone can provide me with an example of how to use htmlentities to do this, that would be greatly appreciated!
What you need to do is define a whitelist of allowable values which will include upper and lower alpha characters, line returns then anything else you want to allow (punctuation, numbers, etc.) A regular expression is easy enough to do this with and you’ll need to validate the contents of the text area against this on submission.
Also, make sure you always run this on the server side. You can run it client side as well but you must make sure the mechanism can’t be circumvented at the browser hence the server validation dependency.