Developers, Always, ALWAYS Trim white-space from User Input

Sean Hoffman
Dec 1, 2022

I just finished reading a story about a bug in Hyundai and Genesis vehicles which allows unauthorized individuals to unlock the cars remotely. Full disclosure: I’m a Genesis owner, so this one got my attention straight away.

Apparently the Genesis software makes a couple of crucial mistakes. First and foremost, they don’t require email address confirmation. Secondly, they allow garbage in the email field, including control characters. It’s not completely wide open, but apparently the regex that they use to validate user…
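To make the validation point concrete, here is an added example (not code from the original post or from any vendor) contrasting a loose regex check with a trim-then-validate routine. The patterns, the function names and the choice to treat addresses as case-insensitive are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed "loose" check: `$` also matches just before a trailing "\n",
# and [^@]+ happily swallows control characters.
LOOSE = re.compile(r"^[^@]+@[^@]+\.[^@]+$")

# Conservative ASCII-only pattern (an assumption, not a full RFC 5322 parser).
STRICT = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def loose_accepts(raw: str) -> bool:
    """Return True if the loose pattern lets the raw input through."""
    return LOOSE.match(raw) is not None


def normalize_email(raw: str) -> str:
    """Trim, reject control/format characters, return the canonical address."""
    candidate = raw.strip()  # removes leading/trailing whitespace incl. \r \n \t
    for ch in candidate:
        # Cc = control characters, Cf = invisible format characters (e.g. U+200B)
        if ch.isspace() or unicodedata.category(ch) in ("Cc", "Cf"):
            raise ValueError(f"illegal character {ch!r} in e-mail address")
    if not STRICT.fullmatch(candidate):  # fullmatch: no trailing-newline loophole
        raise ValueError("not a valid e-mail address")
    # Assumption: this service treats addresses as case-insensitive.
    return candidate.lower()


def register(accounts: set, raw: str) -> bool:
    """Add an account keyed by the canonical address; False if it already exists."""
    key = normalize_email(raw)
    if key in accounts:
        return False
    accounts.add(key)
    return True


if __name__ == "__main__":
    accounts = set()
    print(register(accounts, "victim@example.com"))        # first registration
    print(loose_accepts("victim@example.com\r\n"))         # loose check passes it
    print(register(accounts, "  Victim@example.com\r\n"))  # same account once trimmed
```

Keying accounts on the normalized value, rather than on the raw string, is what stops padded variants of one address from being stored as separate identities.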

