Just have the server email it to you as plain text. And make sure there isn't any way that the submitted could "inject" a header into the SMTP message - everything they submit must go into the SMTP body. When it gets to your mail client, it's just a bunch of plain text... Cheers Ken > -----Original Message----- > From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] > On Behalf Of Joel D Canfield > Sent: Saturday, 25 October 2008 3:05 AM > To: thelist at lists.evolt.org > Subject: [thelist] form field safety > > Drawing a huge blank; I can't even think of what to search for, though > it ought to be a fairly simple Googlage. > > I have a form where users can submit a short story. I just want to put > some safeguards in place to prevent ugliness. This will not be written > to a database, just emailed to me. I'm looking for server side safety > considerations; just doing basic form validation with js up front. > > I been sick. My head's not working. I, on the other hand, still need to > work. > > Thanks.