@jstepien shit’s real. I’ve once been in the receiving end of a « security audit » for our website, and the auditor found a ✌️flaw ✌️in that we were accepting too wide a range of characters for name fields. The recommendation was to restrict to the basic [A-Za-z] set and « a few accents so that covers most names everywhere » lol

In fact we should flatly forbid strings IMO.