params strip to remove whitespaces #156

Closed
mikhailov opened this Issue Jul 17, 2010 · 3 comments

Projects

None yet

3 participants

@mikhailov

Hi,
I have several users who copy-paste passwords from email and the whitespaces are appear here.
What do you think to add String#strip method at http://github.com/binarylogic/authlogic/blob/master/lib/authlogic/acts_as_authentic/password.rb#L230 ?

@mikhailov

I'm using String#strip! method into controller, and it isn't good
p = params[:user_session]
p[['email']].strip!
p[
['password']].strip!

@onebree

I found this while searching if my issue is already reported.

It is not ideal to strip characters from user input. While it is generally avoided, it is possible for passwords to contain spaces. Just because your users copy/paste from email does not mean others do the same. Stripping other parameters are not ideal, either.

@tiegz
Collaborator

Agree with @onebree, closing this out.

@tiegz tiegz closed this Sep 21, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment