I am working on a website that allows users to add text to an image. Think meme generator kind of thing. I want to allow pretty much all text, including code, HTML etc.
Given the allowed "output" of GD text functions is basically anything that is UTF-8 compliant, what do I need to do, if anything, to sanitize the user input? Especially considering I want to keep things like code, HTML, etc. intact.
An example for example's sake:
    $userText = $_POST['foo'];
    imagettftext($image, 12, 0, 0, 0, $color, $font, $userText);
Is that fine?
Edit: Someone linked me to "Secure User Image Upload Capabilities in PHP" - I'm not asking how to upload images - I'm asking if/how much/what sanitizing and/or validation I need of user input for GD text functions.
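An added example, not part of the original question: one way to validate the caption before it reaches `imagettftext()` while leaving code and HTML intact, since GD draws markup as glyphs and never interprets it. The helper name `prepareCaption()`, the 200-character cap and the font path are assumptions; the `&` handling relies on the PHP manual's note that the text argument may contain numeric character references such as `&#8364;`.

```php
<?php
// Added example (PHP 8+, mbstring). prepareCaption(), the 200-character cap
// and the font path are assumptions, not code from the question.

function prepareCaption(mixed $raw, int $maxChars = 200): ?string
{
    // $_POST values can be arrays (foo[]=x); only accept a string.
    if (!is_string($raw)) {
        return null;
    }
    // GD expects UTF-8; reject byte sequences that are not valid UTF-8.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    // Drop control characters (NUL, ESC, ...) but keep newlines.
    $text = preg_replace('/(?!\n)\p{Cc}/u', '', $raw);
    if ($text === null || $text === '' || mb_strlen($text, 'UTF-8') > $maxChars) {
        return null;
    }
    // The text argument may contain numeric character references, so encode
    // '&' to have a user-typed "&#8364;" drawn literally.
    return str_replace('&', '&#38;', $text);
}

// Constructed sample inputs standing in for $_POST['foo'].
$samples = [
    '<script>alert(1)</script>',   // markup is kept: it is drawn as glyphs
    'price: &#8364;5',             // '&' encoded so the reference stays literal
    "bad \xC3\x28 bytes",          // invalid UTF-8 -> rejected
    ['not', 'a', 'string'],        // array input -> rejected
    str_repeat('A', 5000),         // over the cap -> rejected
];
foreach ($samples as $raw) {
    $caption = prepareCaption($raw);
    echo $caption === null ? "rejected\n" : "ok: $caption\n";
}

// Rendering step, run only when GD with FreeType and the font are available.
$font = __DIR__ . '/font.ttf';     // assumed path, fixed server-side
$caption = prepareCaption($samples[0]);
if ($caption !== null && function_exists('imagettftext') && is_file($font)) {
    $image = imagecreatetruecolor(600, 100);
    $color = imagecolorallocate($image, 255, 255, 255);
    imagettftext($image, 12, 0, 10, 50, $color, $font, $caption);
    imagepng($image, __DIR__ . '/caption.png');
}
```

HTML escaping still applies wherever the same text is echoed back into a page, for example as the image's alt text; the rendered pixels themselves need none.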