How can I prevent users from entering HTML in a textarea?

[mesh2005]

I want to add client-side (JS) and server-side (PHP) checks to prevent users from entering HTML into a textarea, how can I do so?

Thank you

[TripleDES]

I found this function for you in PHP: strip_tags( )

 

PHP won't prevent the user from entering HTML, but this function will strip it out.

[corillo181]

you could use java script to see if they used anything other then simple text and numbers..

 

so check in to javascript..

 

php needs for you to submit the text so the user can enter it, but it wont work ..but with javascript they can't enter it at all.

[ToonMariner]

Implement both but javascript can be disabled so you MUST check server side to ensure no html is entered to be absolutely sure.

[Azu]

Don't even bother with the javascript.

Anyone wanting to find exploits is going to have javascript either completely killed, or just block whatever protection you put in it.

 

And on top of that, you will only piss off legitimate users, maybe forcing them to just give up entirely and not try to use the form ever again.

 

Just let PHP remove any bad data. No problems then.