I am building a Comments Form so people can comment on my articles.
Questions:
1.) What is the best Form-Type to use for the actual Comments field?
2.) What is the best approach to use so that users can type in their comments, but so I don’t have to rely on some add-on or fancy JavaScript to make things work? (A simple form like this LESS the fancy Word-Processor icons would be fine for now.)
3.) What types of things do I need to do as far as sanitizing the entries?
4.) Any other considerations?
I am starting to believe that creating a functional Comments form is a lot tougher than it appears on the surface?!
It sounds like all you need is a humble <textarea></textarea>. For sanitizing, you just check for anything that should not be there via a regular expression, or simply dictate what is allowed to be there and deny everything else.
It’s a standard element. Was there any rationale given for their comments?
Can you be a little more specific on sanitizing a Comments field?
Using regular expressions, you determine what can and can’t go in there. For example, you could limit the user to just digits and letters, line returns, and maybe a few punctuation marks like comma, period, question mark etc. That way, if they try to post link code etc, the form submission will be aborted.
What characters would cause issues?
The type of characters who spend their time spamming websites. But seriously, you may not want users to post links or scripts that may cause mischief—like JavaScript etc, though this is not my area. Often the email field can be more dangerous in this regard (injection of CCs etc), so that needs to be tightly controlled too.
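As an added example (not code from anyone in this thread), here is a small Python handler that follows the approach described above: dictate what may appear in the comment field, abort the submission on anything else, keep line breaks out of the email field so it cannot carry extra mail headers, and escape on output when the comment is displayed. The names (COMMENT_RE, accept_submission, Rejected) are my own.

```python
import html
import re

# Allowlist for the comment body: letters, digits, spaces, line returns and a
# few punctuation marks. Anything else (angle brackets, quotes, ampersands,
# backslashes ...) aborts the submission instead of being "cleaned up".
COMMENT_RE = re.compile(r"[A-Za-z0-9 \r\n.,?!:;'()-]{1,2000}")

# Deliberately simple shape check for the email field. \s covers \r and \n,
# so a value carrying "Cc:" or "Bcc:" on a second line can never match.
EMAIL_RE = re.compile(r"[^\s@]+@[^\s@]+\.[A-Za-z]{2,}")


class Rejected(ValueError):
    """Raised when a field fails validation; the form submission is aborted."""


def validate_comment(text: str) -> str:
    """Return the comment unchanged if every character is on the allowlist."""
    if COMMENT_RE.fullmatch(text) is None:
        raise Rejected("comment contains characters that are not allowed")
    return text


def validate_email(addr: str) -> str:
    """Return the address if it has a plausible shape and no line breaks."""
    if EMAIL_RE.fullmatch(addr) is None:
        raise Rejected("email address is malformed or contains line breaks")
    return addr


def accept_submission(comment: str, email: str) -> bool:
    """True if both fields pass; False means re-show the form with an error."""
    try:
        validate_comment(comment)
        validate_email(email)
    except Rejected:
        return False
    return True


def render_comment(text: str) -> str:
    """Turn a stored comment into one HTML paragraph with <br> line breaks.

    Escaping is kept even though the allowlist already bars markup: the rule
    may be loosened later, or an old record may predate it.
    """
    lines = html.escape(text).replace("\r\n", "\n").split("\n")
    return "<p>" + "<br>".join(lines) + "</p>"
```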
Don’t remember now. Something about the fact you couldn’t format the data in the element. Also some issues with carriage returns?
I just want a place to capture people’s comments on my articles and then to display them in a nice paragraph format below the article like you’d expect to see.
> Using regular expressions, you determine what can and can’t go in there. For example, you could limit the user to just digits and letters, line returns, and maybe a few punctuation marks like comma, period, question mark etc. That way, if they try to post link code etc, the form submission will be aborted.
Okay.
> The type of characters who spend their time spamming websites.
Not to be outdone by people cracking BAD JOKES…
> But seriously, you may not want users to post links or scripts that may cause mischief—like JavaScript etc, though this is not my area. Often the email field can be more dangerous in this regard (injection of CCs etc), so that needs to be tightly controlled too.
I can only do that stuff at a basic level, but later (if no one else does) I’ll post some regular expressions that I use. I’m not at my regular computer at the moment.