Restrict input to only letters and numbers and no script-related characters

To stop visitors from loading an iframe and trying to steal cookies, etc.

Examples are:

<iframe id="serviceFrameSend" src="file:///../../../../../../../etc/passwd" width="1000" height="1000" frameborder="0">

<iframe srcdoc="<img src=x onerror=alert(document.cookie)>"></iframe>

Status: In Review
Board: Improvement
Submitted: marcus
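
Added example, not part of the original request or of the product's code: one way to enforce the requested restriction on the server, with output encoding as a second layer so that a value which slips past validation is still rendered as text. The names `validateAlnum`, `escapeHtml` and the `MAX_LEN` limit are assumptions made for illustration.

```javascript
// Assumed limit for the field; pick the real one per field.
const MAX_LEN = 64;

// Letters and digits only (any script). Tested after NFKC normalization so
// compatibility forms (e.g. fullwidth "＜") are folded to their plain
// equivalents before the allowlist is applied, not after.
const ALNUM = /^[\p{L}\p{N}]+$/u;

function validateAlnum(raw) {
  if (typeof raw !== "string") return { ok: false, reason: "not a string" };
  const value = raw.normalize("NFKC");
  if (value.length === 0 || value.length > MAX_LEN) {
    return { ok: false, reason: "length" };
  }
  if (!ALNUM.test(value)) return { ok: false, reason: "disallowed character" };
  // Return the normalized value so storage and later comparisons use one form.
  return { ok: true, value };
}

// Second layer: encode on output so markup characters are displayed, not parsed.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Sample inputs: the two strings quoted in the request above, plus
// constructed values (a valid name, fullwidth variants, an over-long value).
const SAMPLES = [
  '<iframe id="serviceFrameSend" src="file:///../../../../../../../etc/passwd" width="1000" height="1000" frameborder="0">',
  '<iframe srcdoc="<img src=x onerror=alert(document.cookie)>"></iframe>',
  "marcus42",
  "ｍａｒｃｕｓ４２",
  "＜iframe＞",
  "a".repeat(MAX_LEN + 1),
];

function checkAll(samples) {
  return samples.map((s) => ({ input: s, result: validateAlnum(s) }));
}

for (const { input, result } of checkAll(SAMPLES)) {
  const shown = escapeHtml(input).slice(0, 40);
  console.log(result.ok ? "accept" : `reject (${result.reason})`, shown);
}
```

Validation must run server-side; a client-side check alone can be bypassed by sending the request directly.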