by stop50 737 days ago
You can't ensure that something isn't manipulating the request sent by the browser, so it's a valid concern. NEVER trust the client.

And it's documented in the changelog of the function. I would catch it, send a response explaining that the password is invalid, and implement a check that limits valid characters to be outside the non-printable range.

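The server-side check described in the comment above, as an added example (not the commenter's code): reject control characters before the string ever reaches `password_hash()` and return a clear error to the client. The error messages and the hypothetical `validate_password` / `hash_password_or_fail` names are assumptions.

```php
<?php
// Added example: validate a password server-side before hashing it.
// Control characters (including NUL) are rejected so that password_hash()
// never receives bytes it cannot handle; the client gets a plain error.

function validate_password(string $password): ?string
{
    // Anything in the non-printable range: ASCII control chars 0x00-0x1F
    // and DEL (0x7F). The null byte is the case that matters for
    // password_hash(); the others are rejected to keep the policy simple.
    if (preg_match('/[\x00-\x1F\x7F]/', $password)) {
        return 'Password contains characters that are not allowed.';
    }
    // Malformed UTF-8 is rejected to avoid surprises with multibyte handling.
    if (!mb_check_encoding($password, 'UTF-8')) {
        return 'Password is not valid UTF-8.';
    }
    // bcrypt only uses the first 72 bytes; refuse longer input explicitly
    // instead of silently truncating it.
    if (strlen($password) > 72) {
        return 'Password is too long (maximum 72 bytes).';
    }
    return null; // valid
}

function hash_password_or_fail(string $password): array
{
    $error = validate_password($password);
    if ($error !== null) {
        return ['ok' => false, 'error' => $error];
    }
    return ['ok' => true, 'hash' => password_hash($password, PASSWORD_BCRYPT)];
}

// Constructed sample inputs: one valid, one with an embedded NUL, one with a tab.
foreach (["correct horse battery staple", "abc\0def", "tab\there"] as $candidate) {
    $result = hash_password_or_fail($candidate);
    echo json_encode([
        'input' => $candidate,
        'ok'    => $result['ok'],
        'error' => $result['error'] ?? null,
    ]), PHP_EOL;
}
```

Only the first input is hashed; the other two are turned away with the error text rather than being passed on to `password_hash()`.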

That's what I wrote -- sanitize before passing to the PHP password_hash function, which obviously happens on the server.