The symbol is: ؤْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْْ
What's so special about this symbol and where did it come from?
What can be done to validate against such input? Or even better, how can such symbols be displayed properly (i.e. not letting them overlap over other elements) ?
Well since it seems to be not as trivial as I thought for others here is my answer.
This is called Combining Diacritical Marks.
To give you an example you can write a ä
directly or as ä
which results in "ä".
Now you can mess up with that signs like here: "ä̈̈̈̈̈̈", here I entered: ä̈̈̈̈̈̈
To protect yourself to such "unicode" attacks you could limit the count of unicode chars which are allowed to come after each other. I cannot give you an exact example since you tags don't give a hint about your server side language. If you have a plain english website you might try to limit it to ascii chars only. However I would not recomment that, since I would be not allowed to sign then with my name :-)
I would just limit the count of Unicode characters after each other. That might been done with regex.
If you just want to avoid that the Unicode characters "break out" of their container try using style="overflow:auto"
which seems to limit the way how it is rendered.