Open WalterMoar opened 4 years ago
Is this as simple as `someString.trim()` to remove leading and trailing whitespace? (Which is a good idea.) Or more complex, such as removal of tabs, newlines, etc. inside the string? What about when some inputs may wish to allow for these?

Also, this gets tricky. See https://stackoverflow.com/questions/4374822/remove-all-special-characters-with-regexp "Do not use [^\w\s], this will remove letters with accents (like àèéìòù), not to mention to Cyrillic or Chinese, letters coming from such languages will be completed removed." ... "As was mentioned in the comments it's easier to do this as a whitelist - replace the characters which aren't in your safelist."
Also see extensive discussion in the coop project https://github.com/bcgov/entity/issues/1968
We should have a common way of filtering user input to remove things such as leading/trailing whitespace, control characters like newlines, carriage returns, etc. This is mainly to prevent problems due to people cutting and pasting from emails, word documents, etc, and the special characters that sometimes accidentally get pasted.
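
The two approaches discussed in this issue, side by side, as an added example (not code from this project or the linked ones). The function names, the `multiline` option, and the choice of which invisible characters to strip are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical.
// Invisible characters that commonly arrive via copy/paste:
// zero-width space (U+200B) and byte-order mark (U+FEFF).
// ZWJ/ZWNJ are deliberately kept because some scripts need them.
const INVISIBLE = /[\u200B\uFEFF]/g;
const CONTROL = /\p{Cc}/gu; // Unicode control characters (NUL, CR, BEL, ...)

// Common filter: trim, drop control characters, keep letters from any script.
// Fields that legitimately contain line breaks or tabs pass { multiline: true }.
function cleanInput(value, { multiline = false } = {}) {
  let s = String(value).normalize('NFC');       // compose "e" + accent into "é"
  s = s.replace(/\r\n?|[\u2028\u2029]/g, '\n'); // unify line endings
  s = s.replace(INVISIBLE, '');
  if (!multiline) {
    // Single-line fields: tabs, newlines and non-breaking spaces become one space.
    s = s.replace(/\s+/g, ' ');
  }
  // Remove remaining control characters; keep \n and \t only in multiline mode.
  s = s.replace(CONTROL, (ch) =>
    multiline && (ch === '\n' || ch === '\t') ? ch : '');
  return s.trim();
}

// The pattern the Stack Overflow answer warns about: \w is ASCII-only,
// so accented, Cyrillic and Chinese letters are deleted.
function asciiStrip(s) {
  return s.replace(/[^\w\s]/g, '');
}

// Allowlist alternative: keep letters, combining marks and digits from any
// script, plus spaces and a small constructed set of punctuation.
function allowlistName(s) {
  return s.replace(/[^\p{L}\p{M}\p{N} '.,-]/gu, '');
}

// Constructed sample inputs.
console.log(JSON.stringify(cleanInput('  Caf\u00e9\u00a0Ren\u00e9e\r\n')));
console.log(JSON.stringify(cleanInput('a\r\nb\u0007\tc ', { multiline: true })));
console.log(JSON.stringify(asciiStrip('Caf\u00e9 \u0418\u0432\u0430\u043d')));
console.log(JSON.stringify(allowlistName("Ren\u00e9e O'Brien-\u674e;")));
```
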