<!DOCTYPE html>
<html>
<body>
<p>A form with a search field that CANNOT contain the following characters: ' or "</p>
<form action="/action_page.php">
Search: <input type="search" id="mySearch" name="search" pattern="[^'\x22]+" title="Invalid input">
<input type="submit">
</form>
<p>Click the "Try it" button to display the value of the pattern attribute of the search field.</p>
<button onclick="myFunction()">Try it</button>
<p id="demo"></p>
<script>
function myFunction() {
var x = document.getElementById("mySearch").pattern;
document.getElementById("demo").innerHTML = x;
}
</script>
</body>
</html>