I accept user input in the field that will be displayed on the public page (for example, forum posts or comments on the website). I want them to be able to display them as paragraphs along with line breaks as needed using the CSS attribute
white-space: pre-line;
This allows users to publish in paragraph format, like this post you are reading.
However, I do not want malicious users to be able to send messages with a huge number of spaces, significantly increasing the page length. I'm currently trying to misinform input using a regular expression by removing duplicate whitespace characters (double spaces or double line feeds). It is quite complicated and very ugly. I still want users to be able to send messages containing spaces. But is regular expression still the best solution to this very common problem?
Is there a best practice for disinfecting extra space characters from user input in C # / ASP.NET or writing our own regular expressions, which are still the best option in 2015?
source
share