Developers writing Web applications run into the same problems repeatedly. One of the most prevalent is: How can you prevent users from entering illegal data? Traditional GUI applications written in C++, Visual Basic, provide controls called "masked controls" that limit the type, content, or length of data users can enter. An example is the IP address control in many Windows networking dialogs, which is a combination of four three-character fields that accept only numbers.
The control provides the dots between the numbers automatically. Additionally, developers wrap existing controls to create new masked controls. Web application developers don't have this luxury, but they use other technics, like blocking keystrokes.

Web controls fires the onkeypress event when a keyboard key is pressed or held down. by implementing the event, they can determine which key or key-combination ( e.g Ctrl+C, Ctrl+V ) pressed by evaluating the keycode ( the ASCII code of the character ).
When the onkeypress event fires it returns a keycode to the client. That keycode maps directly to the key that was pressed. To get the character associated with a given keycode, developers use the Javascript fromCharCode() method of the String object. then they use a filter or a regular expression pattern to validate the input.