
Or just reject this input. The server isn't the time and place to do data cleanup.

Can always fix this on the frontend with JavaScript for free if it's an actual problem.




You can't trust that the user has JavaScript enabled; and since you can't trust user input anyway, you'd have to do this server side.


"You can't trust user input" means to not fudge with user data in the first place!

If your code cares about Unicode spaces at the beginning of user input, there is your problem.

(Also, you missed the reject part)


How would you suggest running a user-created-content site without ever fudging/sanitizing the data being posted to the server?


Sure you can, but you better clean up on server side, or find a way to prevent any of 7+ billion people from posting maliciously.


> Can always fix this on the frontend with JavaScript for free

Nice to see what people think of offloading work to users' systems. This kind of thinking leads to slow ensures with fucked up scrolling.



