Filter problematic characters

Question

Filter problematic characters

Closed this issue 9 years ago · 3 comments

Whitespace chars like U+200B should not be allowed as they allow the creation of optically identical usernames.

Answer 1 · 2014-12-27T23:29:04.000Z

Do you have a good method to filter those characters? I don't want to maintain a whitelist

Maybe this?

userInput = userInput.replace(/[\u200B-\u200D\uFEFF]/g, '');

Answer 2 · 2014-12-29T09:13:04.000Z

Of course, a whitelist of UTF8 chars would be too tedious. Generally, there is no reason to block chars, except for a simple, small list of really bad characters. But I'm not sure which characters you would want to replace that are not already handled by your app. But for a general Idea:

All whitespace chars - the only needed char is a standard, breaking space (ASCII horizontal space, 0x20)
control characters

For those whitespaces: The German Wikipedia has a nice list.

Answer 3 · 2014-12-29T13:20:31.000Z

I'm currently thinking about integrating this functionality to the server instead to the frontend.

This is just for me as a reminder: ;)

[\xA0\u1680\u2002-\u200b\u202F\u205F\u2060\u3000\uFEFF]+