hlfan left a comment (openstreetmap/openstreetmap-website#6616)

Well, that's the crux of the issue. We couldn't even deny newlines, as there's 
already one user with \r\n in the name: 
https://www.openstreetmap.org/user/Mohamedkaizen%0D%0AMohamedkaizen

I think the way to reduce this risk as much as possible is to use a different 
delimitation character that is more commonly related to URLs than casual text. 
Right now, the longest name of a contributor is 
[bwdlqwbdjlbqlwdjbqlwjdbqljwbdlqwjbdlqwjdblqjwbdlqjwdbqlwjdblqwdblqjbdlqjwbdljqbwdljqwbdlqbwdbqwdblqwdlqwbdlbdlqbwldbqlwbdlqbwdlqbdlqbdljwbdlqwbdwlbqlwdblqwbdjlqwbdjlqwbdljqwbdljqbwdljqbdlqwbdlqbdljqbdljqbwdljbqldbqlwdbljqwbdljqwdbqlwdbqlwjdbqlwdbqlw](https://www.openstreetmap.org/user/bwdlqwbdjlbqlwdjbqlwjdbqljwbdlqwjbdlqwjdblqjwbdlqjwdbqlwjdblqwdblqjbdlqjwbdljqbwdljqwbdlqbwdbqwdblqwdlqwbdlbdlqbwldbqlwbdlqbwdlqbdlqbdljwbdlqwbdwlbqlwdblqwbdjlqwbdjlqwbdljqwbdljqbwdljqbdlqwbdlqbdljqbdljqbwdljbqldbqlwdbljqwbdljqwdbqlwdbqlwjdbqlwdbqlw)
 at 249 chars, so none of these suggestions would be inclusive.

And database validation is probably too much of a slowdown for how often this 
library is called.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6616#issuecomment-3661856220
_______________________________________________
rails-dev mailing list
[email protected]
https://lists.openstreetmap.org/listinfo/rails-dev
