danpalmer
commented
10 years ago This is by design. A good password system should not be disallowing certain characters.
If a backend system requires specific properties of passwords, that must be evaluated separately, although I recommend against using a system that has those sorts of requirements. The purpose of Complexify is to provide a more correct way of specifying password requirements.
Thanks for looking at Complexify, and suggesting a change, but it goes against the principles of Complexify, so isn't something I'll implement.
redirishmike
It appears that complexify does not validate whether the users password includes whitespace or ends with whitespace. Perhaps in the evaluateSecurity function there should be a check for whitespace? I have not run into an organization that allows or permits whitespace in their password, much less having a password like 's ' be valid and secure.
Perhaps adding a check for password.indexof(/\s/)?