OS: Windows 10
Version: 0.0.5
Commit/Build: ae05e0f
Player names can't be duplicated in normal ways if the player is registered to the server (it will become Player #2), but this can be bypassed by adding a space to the end of the player's name. This can be confusing since there's no way to distinguish "Player" and "Player ".
Trailing whitespace should be removed by client and server so there won't be any confusion.
What about leading whitespace? Or the different variants of spaces?
Only visible characters should be allowed.
Honestly, this could be fixed by adding character codes so that there can be no confusion in the future to a player's username
And then there's IJ (IJ) vs IJ (IJ) (though cases like these are less of an issue when the sprite font is used)
Let's say we trim the whitespace. Where do we do that? In client username selection? What if the key user has registered with his server of choice was that of a username with space? Should servers validate and enforce this? Since we expect clients to trim usernames, a hacked client allowing untrimmed usernames would be a dead giveaway of it being up to no good. Or should we just rename the user to one with trimmed whitespace?
I think servers use whatever user name is in the users.json, so you should be able to just trim it on the server on first adding a new user.
How should usernames that consist only of whitespaces be handled?
They could be replaced with _ or something more visible like #
Applying this only to leading and trailing whitespaces still leaves possible attacks aimed at usernames with allowed whitespaces:
Allowed_Name - Allowed__Name (markdown trims multiple whitespaces).
Simple, if it's all whitespaces, it's invalid... (imagine trying to click on to copy and paste or guess the length of the name should it be all whitespaces)
On Sat, Jun 24, 2017 at 5:51 PM, Tomas Dittmann notifications@github.com
wrote:
How should usernames that consist only of whitespaces be handled?
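A sketch of the server-side check this thread converges on, added here as an example and not taken from OpenRCT2's code: names are normalized before they are stored or compared, so trailing, leading, exotic and doubled whitespace and compatibility look-alikes all collapse onto the same key. The function names `canonical_username` and `assign_name` and the exact " #N" suffix format are assumptions made for the illustration.

```python
import unicodedata

# Categories with no visible glyph: control, format (zero-width space,
# bidi overrides), surrogate, private use, unassigned.
INVISIBLE = {"Cc", "Cf", "Cs", "Co", "Cn"}


def canonical_username(raw: str) -> str:
    """Return the form of `raw` used for storage and duplicate checks.

    Raises ValueError for names that are empty, whitespace-only, or that
    still contain invisible characters after normalization.
    """
    # NFKC folds compatibility look-alikes: NBSP and ideographic space
    # become U+0020, the ligature U+0132 becomes the two letters "IJ".
    name = unicodedata.normalize("NFKC", raw)
    # split() with no argument splits on every Unicode whitespace run, so
    # this trims both ends and collapses internal runs to a single space.
    name = " ".join(name.split())
    if not name:
        raise ValueError("username is empty or whitespace-only")
    for ch in name:
        if unicodedata.category(ch) in INVISIBLE:
            raise ValueError(f"invisible character U+{ord(ch):04X}")
    return name


def assign_name(taken: set, raw: str) -> str:
    """Pick a unique name, suffixing ' #N' on collision (hypothetical helper)."""
    base = canonical_username(raw)
    name, n = base, 1
    while name in taken:
        n += 1
        name = f"{base} #{n}"
    taken.add(name)
    return name


if __name__ == "__main__":
    taken = set()
    # Constructed inputs: plain, trailing space, NBSP-padded, doubled
    # space, and the IJ ligature.
    for raw in ["Player", "Player ", "\u00a0Player", "Allowed  Name", "\u0132s"]:
        print(repr(raw), "->", repr(assign_name(taken, raw)))
```

Because the check runs on the server, a client that skips trimming gains nothing: the padded name maps to the same key and gets the same collision handling as an exact duplicate.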