I’m putting together a simple contact form on my website. I have client- and server-side validation for the user’s name and e-mail address. But I was wondering, how should I go about validating the message?
From what I’ve read it seems just as easy to inject headers and malicious material into the body of the message, right? I know a common safeguard, at least for the e-mail value, is to strip \n and \r, but I don’t want to destroy the new lines in the e-mail message.
Anyone know what kind of validation/corrections I should be making to the body of the message before I send it?
Thanks.
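One way to assemble the contact-form mail safely, as an added example that is not from the original post: header fields reject CR/LF outright (and the From/To/Subject are fixed, never taken from the form), while the body keeps its line breaks because everything after the blank header/body separator is body text and cannot become a header. Python standard library only; the length limits, the address pattern and the field names are assumptions.

```python
import re
from email.message import EmailMessage
from email.utils import formataddr

# Example limits and a conservative address shape; adjust for your own form.
MAX_HEADER_LEN = 200
MAX_BODY_LEN = 10_000
_HEADER_CTRL = re.compile(r"[\r\n\x00]")
_ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


class InvalidInput(ValueError):
    """Raised for form input that must not reach the mail headers."""


def clean_header_value(value: str) -> str:
    # Header fields are single-line: a CR/LF here would start a new header,
    # so reject the submission instead of quietly stripping characters.
    if _HEADER_CTRL.search(value):
        raise InvalidInput("CR/LF/NUL not allowed in a header field")
    value = value.strip()
    if not value or len(value) > MAX_HEADER_LEN:
        raise InvalidInput("header field empty or too long")
    return value


def clean_address(addr: str) -> str:
    addr = clean_header_value(addr)
    if not _ADDR.match(addr):
        raise InvalidInput("malformed e-mail address")
    return addr


def clean_body(body: str) -> str:
    # The body may keep its line breaks: it sits after the blank line that
    # ends the header block, so a newline here cannot add a header.
    body = body.replace("\r\n", "\n").replace("\r", "\n")
    body = "".join(ch for ch in body if ch in "\n\t" or ord(ch) >= 32)
    if len(body) > MAX_BODY_LEN:
        raise InvalidInput("message too long")
    return body.strip()


def build_contact_message(name, sender, body, site_from, site_to):
    msg = EmailMessage()
    msg["From"] = site_from          # fixed values, never taken from the form
    msg["To"] = site_to
    msg["Subject"] = "Website contact form"
    # The visitor's name and address only ever land in Reply-To, checked above.
    msg["Reply-To"] = formataddr((clean_header_value(name), clean_address(sender)))
    msg.set_content(clean_body(body))
    return msg


def header_block(msg) -> str:
    # Everything before the first blank line is the header section.
    return msg.as_string().split("\n\n", 1)[0]
```

Even if the message body contains a line that looks like "Bcc: ...", it stays in the body; only the checked Reply-To carries visitor-supplied text into the headers.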