You can use Filters to strip data from the user-submitted value, such as HTML tags (which may be harmful) and useless white space at the start and end of the value. There are filters included with the form that do just that and more, although you can add your own too – see Creating a custom filter (advanced).
Included filters
- alpha – removes everything except alphabetic characters
- alphaNumeric – removes everything except alphanumeric characters
- digits – removes everything except digits
- filename – removes invalid filename characters
- regex – removes everything matching the given regular expression
- stripTags – strips all HTML tags
- trim – strips whitespace and other characters from the start and end
If you assign a Filter to an Element, the value that appears in the email is the filtered value. Values are also filtered before they are validated.
As an extreme example, a value like ' <script></script> ' with the stripTags and trim filters and the required validator will actually fail validation: once the tags are stripped and the white space is trimmed, the value is empty, so it fails the required validator.
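The filter-then-validate order described above, as an added Python sketch that is not the form's own code. The filter bodies, the `required` validator, its error message and `process_element` are assumed stand-ins that model the documented behaviour, and the sample submissions are constructed.

```python
import re

# Simplified stand-ins for some of the included filters (assumed behaviour).
FILTERS = {
    "alpha": lambda v: re.sub(r"[^A-Za-z]", "", v),
    "alphaNumeric": lambda v: re.sub(r"[^A-Za-z0-9]", "", v),
    "digits": lambda v: re.sub(r"[^0-9]", "", v),
    "stripTags": lambda v: re.sub(r"<[^>]*>", "", v),  # naive tag removal for the demo
    "trim": lambda v: v.strip(),
}


def required(value):
    """Hypothetical 'required' validator: returns an error message or None."""
    return "This field is required" if value == "" else None


def process_element(raw, filters, validators):
    """Apply the filters in order, then validate the *filtered* value.

    Returns (value_that_would_appear_in_the_email, list_of_errors).
    """
    value = raw
    for name in filters:
        value = FILTERS[name](value)
    errors = [msg for msg in (check(value) for check in validators) if msg]
    return value, errors


# Constructed sample submissions: (raw value, filters assigned to the element).
SAMPLES = [
    (" <script></script> ", []),                     # no filters: passes 'required'
    (" <script></script> ", ["stripTags", "trim"]),  # filtered to "", fails 'required'
    ("  <b>Jane</b> Doe  ", ["stripTags", "trim"]),
    ("+44 (0)20 7946 0000", ["digits"]),
]

if __name__ == "__main__":
    for raw, filters in SAMPLES:
        value, errors = process_element(raw, filters, [required])
        print(f"{raw!r} {filters} -> {value!r} {errors or 'valid'}")
```

The first two samples are the same submission: without filters the markup-only value passes the required validator, while with stripTags and trim it is rejected as empty.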