What is the best way to strip HTML from a Form text or textarea field? Specifically, I’m getting manual spam entered into the message box of my Contact form.
@squirrel, I can think of two avenues:
-
Field validation using Regex:
Add a validation to the field which will fail when its content contains an anchor. A simple example:
The form validation will fail on input like “This field contains an <a href=”…"> in its text".validate: type: textarea pattern: '^(.(?!<a))*$' # Any charactor must not be followed by '<a' required: true
-
Cleanup textarea:
A custom plugin could respond to eventonFormPrepareValidation
and sanitise the data of the form. Eg. when the email form uses field ‘message’ as body, its field data could be cleansed as follows:public function onFormPrepareValidation($event) { $message = $event['form']->getData('message'); $event['form']->setData('message', strip_tags($message)); }
1 Like
Thank you so much @pamtbaau
The form validation was just what I was looking for. I didn’t find much on syntax for the validate before I posted. A regex pattern works great!
Thanks again