🦿 Lucian Marin I created an input playground at lucianmarin.com/input where I can test the best ways to input text on Sublevel. Displaying a preview while typing is an option while contenteditable isn't preferable because it allows all kinds of HTML code. I want to create a virtual textarea that maintains cursor position with the actual textarea. Can this be done?

👽 Paul Webb Eh, I'm not sure. I know you don't want to use contenteditable, but what if you checked the input before submitting? You'd have to do this server-side which is annoying...eh, damn. Okay, textarea is definitely the preferred way, haha! Maybe you can submit your question to StackOverflow? Most people would probably recommend a plugin which I'm sure you don't want either.

🦿 Lucian Marin It seems there's an option for contenteditable="plaintext-only" but only newer browsers supports it. I'll play with this and see how I can clean up the produced HTML. People can still mess around the content with developers tools... hmm.

Mark Dain @netopwibby is right, you'd still need to do server side protection. Which you already do today, right? ... <script>alert('xss')</script>

👽 Paul Webb Well that's where the server-side component comes in! Can't trust client-side protection!