Javascript Escape Characters

I have kind of a lazy form that has two textboxes. When I click a button I basically concatenate the two textboxes with a delimiter. Is there like a special delimiter that cannot actually be typed in an html textbox, even if the &#xxx; syntax i开发者_运维问答s used?

Why concatenate? How about using JSON?

A simple and safe concatenation format would be

<length of the first string> <space> <first string> <second string>

For example

'abcd' + 'foo' => '4 abcdfoo'

No, if you want to disallow characters you'll have to add some sort of javascript to prevent them being entered. Or just remove them from each field before joining.

Anything can be typed into a textfield, which is why it is so important to sanitize all user input.