Just block "nsec"
The sheer number of people who have submitted their privkey/nsec for verification on https://verified-nostr.com is quite staggering. And that’s despite a bold, red message to only send the pubkey in hex.
Fortunately for them, I ensure those submissions are discarded. That said, there really should be a better way for key management and/or training for new folks to realize the privkey/nsec is basically their password.
Discussion
Good point. Could stop form submission if an entry field includes a anything prefixed with "nsec". The only problem is some folks have also submitted the hex version of their nsec 😂 and that's nearly impossible to block