User names should be html encoded. In fact i would say that they should be restricted to a minimal set of characters. Yes this would take a smidgeon of the fun away but it would also mean that users wouldn't end up with untypable names, which would make things a lot easier in the CB and when replying.
Some examples:
| chakka_&_the_pylons | chakka_&_the_pylons |
| Jeff | Jeff |
| • | • |
| Halcyon&on | Halcyon&on |
| π | π |
| Halcyon&On&On | Halcyon&On&On |
| n21s&0s | n21s&0s |
| א | א |
IMO, these are unacceptable user names (apologies to the users in question)
Update I did a test and tried to create a user named <script>window.alert("!");</script> which was dealt with somewhat alright, as the script tags were removed, so we are safe that way...
Sorry if this was an abuse by the way, it was in the best intentions. Anyway, i got the following error message (maybe this is a good thing??
Your new user account (window.alert("!");) has been created. You (---) should be getting an email soon telling you your generated p +assword. Server Error (Error Id 9654412)! An error has occured. Please contact the site administrator with the E +rror Id. Thank you.
Yves / DeMerphq
--
When to use Prototypes?
In reply to Re: HTML encoded user names
by demerphq
in thread HTML encoded user names
by Biker
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |