For example, I am creating a forum. The registration page requires a name, a username, an email, a password, and a confirm password field.
For the username, I will check for length. I assume I need to trim the beginning and end of the string for whitespace. I also need to verify there is no whitespace within the string. What about HTML entitites or the use of unicode characters? Will that affect the length of the string? Would I need to decode these first before verifying the length? What about stripping tags? Would I need to decode any html entities before I strip any tags? What else should I consider?