How do you create a html input form that can receive an infinite amount of text, and that necessarily has a fixed size on the webpage but scrolls with additional input that goes past the bottom of the box? And would this be a potential denial of service hole in the code?

Progz

Recommended Answers

All 7 Replies

Enabling Infinite Scroll is very similar to adding support for post thumbnails or editor styles because we make use of add_theme_support(). By providing a few key pieces of information when calling add_theme_support(), Infinite Scroll will seamlessly integrate with your theme.

Proglearner, are you referring to a <textarea></textarea>? Textarea at w3schools
You can set the width and height via CSS or the rows and columns via HTML attributes.

Whether or not it is a security hole for DoS or whatnot really depends on your form processing code.

I don't think the processing code is really related to DoS. The DoS is from excessively request (any kind) to a server/computer in a short period of time. As a result, the server is overloaded and either ignores all incoming requests or crashes. For example, your server can handle up to 1,000,000 requests per second. If there are 100,000,000 requests go to your server per second for a while, your server will stop functioning as it should be.

It is not about how you process it, it is about how your server handles requests. You could prevent your server from crashing (by putting up another layer), but I am not sure you could really stop DoS.

PS: EvolutionFallen is correct. Using textarea tag should give you what you want. Though, the infinite text length is quite impossible in practice because of the word infinite.

Nintin, could you please PM me with more information as to how I can have a look at the publicly available information on Infinite Scroll? Please note that this is for educational purposes and I can't commit at this time to becoming a customer or to endorsing your product.

Fallen and Taywin, yes, I was referring to the <text area></text area> field. I have always been irritated by limits on how much text can be input into a text area form on most websites and don't want to impose that limitation in my own designs, to the extent that not imposing that limitation is practical. I don't believe for a second that a 21st-century website visitor with good intentions would choose to type a very long document into an input box, simply because long typed documents are not the norm in the smartphone and tablet age. I do, however, want to provide an opportunity to those who choose to enter, say, 5,000 words into an input field, to do so, while protecting myself from malicious visitors who seek only to crash my website with false input. I apologize for misusing the term "denial of service" in that regard because I honestly thought that what I was thinking of fell into that category.

Progz

I see. Textarea tag should be able to handle that. Adding CSS to it will give whatever you want (with scroll). The only limitation from the tag that you saw from other websites is from maxlength property of the text area. Also, the way they manipulate the countdown character is from JavaScript. So if the page is being view on a website, such as in Firefox, a user could easily get rid of that limitation.

The way to sanitize a string will depend on how and where you use it. It could be varied, so I would give you only one example.

One way and is always a good practice is to sanitize any input from a user. You must validate that the input is valid or reject it. For example, you have a blog and allow users to post comments. When you take a user input, you simply save in the database and display it on your page. Now, on a safe side, you should reject any input that contains a URL because it could be spam or XSS (Cross Site Scripting). Also, you should check for any SQL query inside the input string.

Taywin,

I realize this thread is marked solved, because I realized that <textarea> doesn't automatically require input length limits to be set, and a separate maxlength attribute is required for that. But I'm still not sure how to arrange for the input to scroll so that the last line of input is always the bottom (or higher) line of text displayed within the text box. On other websites, especially fora, I've run into the problem of my input becoming invisible during editing because it is placed below the bottom of the input box. I've even had one horrible experience with one forum software (I think it was bbsoft) where every new keystroke caused the last line of text to jerk into view for a split-second and then jerk back out of view down below the bottom of the input box. There was nothing I could do about it except bug report the developers. I definitely want to avoid that.

Progz

But I'm still not sure how to arrange for the input to scroll so that the last line of input is always the bottom (or higher) line of text displayed within the text box.

This is a bit confusing to me. If you could provide a picture of what you mean, please do. You may also need to use JavaScript but you may not because I am not sure what it is... :(

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.