Closed
Description
Enter your suggestions in details:
Hello,
I understand that this is a learning example for profiling,
but the current username special character filtering is quite limited.
Even for educational purposes, I believe it would be better to use a broader filtering pattern.
In this file:
nodejs.org/apps/site/pages/en/learn/getting-started/profiling.md
The relevant code snippet is:
```js
app.get('/newUser', (req, res) => {
  let username = req.query.username || '';
  const password = req.query.password || '';

  username = username.replace(/[!@#$%^&*]/g, ''); // <-- this part

  if (!username || !password || users[username]) {
    return res.sendStatus(400);
  }

  const salt = crypto.randomBytes(128).toString('base64');
  const hash = crypto.pbkdf2Sync(password, salt, 10000, 512, 'sha512');

  users[username] = { salt, hash };

  res.sendStatus(200);
});
```

I suggest changing the filtering line to:

```js
username = username.replace(/[^a-zA-Z0-9]/g, '');
```

to allow only alphanumeric characters. This would make the input handling cleaner
and serve as a better example for learners.
I’d appreciate your thoughts on this suggestion!
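
Added example, not part of the issue or the Node.js docs: the original denylist and the proposed allowlist run side by side on constructed inputs, plus a validate-and-reject variant that avoids two different inputs collapsing to the same stored name. The `validateUsername` helper and its 3-32 length bound are assumptions made for illustration.

```javascript
// Added example; helper names and the length bound are assumptions.
const DENYLIST = /[!@#$%^&*]/g;            // pattern in the original snippet
const ALLOWLIST_STRIP = /[^a-zA-Z0-9]/g;   // pattern proposed in the issue
const ALLOWLIST_FULL = /^[a-zA-Z0-9]{3,32}$/; // assumed reject-on-mismatch policy

// Original behaviour: remove eight listed characters, keep everything else.
function stripDenylist(input) {
  return String(input).replace(DENYLIST, '');
}

// Proposed behaviour: remove everything that is not alphanumeric.
function stripAllowlist(input) {
  return String(input).replace(ALLOWLIST_STRIP, '');
}

// Alternative: do not rewrite the input at all. Return the username if it
// matches the allowlist in full, otherwise null so the route can answer 400.
// Non-string values are rejected too (repeated query keys arrive as arrays).
function validateUsername(input) {
  return typeof input === 'string' && ALLOWLIST_FULL.test(input) ? input : null;
}

// Constructed sample inputs, not taken from any real traffic.
const samples = ['alice', 'al!ice', 'bob<b>', 'carol smith', "dave's"];

function compare(inputs) {
  return inputs.map((raw) => ({
    raw,
    denylist: stripDenylist(raw),
    allowlist: stripAllowlist(raw),
    validated: validateUsername(raw),
  }));
}

// Both stripping variants map 'al!ice' onto the existing name 'alice';
// the validating variant rejects it instead.
for (const row of compare(samples)) {
  console.log(JSON.stringify(row));
}
```

With either stripping pattern the route stores a name the client never sent, so a caller of `validateUsername` would return 400 on `null` rather than continue with a rewritten value.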