Restrict Special Characters/Symbols in User Names (& Other Fields?)

[SimoneZaza]

Description

As a security-conscious product owner, I want to prevent users from using special characters/symbols in their usernames and other fields, So that we can mitigate the risk of malicious scripts being executed through user inputs.

Acceptance criteria

• [ ] Should restrict the use of special characters/symbols in usernames.
• [ ] TBD Should restrict the use of special characters/symbols in other specified fields?
• [ ] Should allow only the following special characters in usernames and other fields:
• Periods: .
• Underscores: _
• Dashes: -
• Single quote: '
• Back tick: `
• [ ] Should display a user-friendly error message when a user attempts to use restricted characters.
• Error: Invalid Characters. Please use only letters, numbers, periods (.), underscores (_), and dashes (-).
• [ ] Should ensure that existing usernames and fields are sanitized to remove any restricted special characters/symbols
• [ ] Client should prevent using the symbols
• [ ] Server needs to validate it as well.

Additional Context

At least the following symbols should be restricted:

• Ampersand: &
• Equals sign: =
• Apostrophe: ’
• Plus sign: +
• Comma: ,
• Brackets: <, >
• Percent: %
• double quotes: "
• exclamation: !
• Emojis (otherwise mentions are not working :( ) --> Or can we only prevent this in the first couple of characters?

Areas that will be affected

To be added during the refinement