Home/ Questions/Q 6330675
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-24T17:54:48+00:00

I am looking for a whitelist for a textarea that would be used for

  • 0

I am looking for a whitelist for a textarea that would be used for titles of books. The only characters I want to allow are alphanumeric, spaces, hyphens, underscores, periods, and the <br> tag. Any other special characters should be converted to their htmlentities ideally. The page uses php, html, javascript, and jquery if that helps. Anyone have any ideas??

Example input in textarea:

<textarea>
I have this book called Sample- a Fake Book.    
</textarea>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If this has any relation to security, i.e. making sure the data is always safe for display, then this must be done server-side.

    Except for the <br> tag, just HTML-encoding should do what you want.

    Probably the best way would be to use htmlentities and then bring the <br>‘s back:

    $encoded_text = htmlentities($input_text);

// replace the encoded <br>'s with the original <br>'s
$final_text = str_replace(htmlentities("<br>"), "<br>", $encoded_text);

    Another way to try to get this behavior and still use htmlentities is to replace the <br> tags with a placeholder, run through htmlentities, then replace it back. Something along the lines of:

    $br_placeholder = "XX_BR_PLACEHOLDER_XX";
$text_with_placeholders = str_replace("<br>", $br_placeholder, $input_text);
$text_with_htmlentities = htmlentities($text_with_placeholders);
$final_text = str_replace($br_placeholder, "<br>", $text_with_htmlentities);
    • 0