Because I'm genetically pre-disposed to watch every piece of Star Wars content ever created, I signed up for a free trial of Disney's newest streaming service.
As part of onboarding, it asked me to create a profile name. This is typically done so that multi-user households can have separate profiles and preferences. Mum doesn't have her princess stories disrupting Dad's suggestions. And Junior doesn't see what filth their parents are watching late at night. All the better to build up detailed tracking profiles on you, my dear!
Naturally, my first thought was to see if this was exploitable in the form of a self-reflected XSS. It was not. In fact, it didn't let any character through which wasn't A-Z and 0-9. To my surprise, it also allowed spaces. So no accents, apostrophes, macrons, or other pesky "foreign" characters.
Including, amusingly, the names of several Disney characters.
OK, that's a bit daft. But it's also needlessly exclusionary. Every class at school has a kid who has to fight for their right to have their name spelled correctly. There are plenty of blended families with hyphenated surnames. Not everyone in the UK speaks a Latin-derived language.
It is technologically illiterate to restrict profile names like this.
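What the alternative can look like, as an added example that is not part of the original post and not Disney's code: accept Unicode letters and name punctuation on input, and stop XSS by encoding on output. The function names, the regular expressions and the 40-character limit are assumptions made for illustration.

```javascript
// Added illustration; function names and the length limit are assumptions.

// Approximation of the filter described in the post: A-Z, 0-9 and spaces only.
const asciiOnly = (name) => /^[A-Za-z0-9 ]+$/.test(name);

// Unicode-aware allow-list: letters, combining marks, digits, space,
// apostrophes (' and ’), full stop and hyphen. Markup characters such as
// < > & " and control characters are still rejected.
const NAME_RE = /^[\p{L}\p{M}\p{N} '’.\-]+$/u;
const MAX_LEN = 40; // assumed limit, counted in code points

function validateProfileName(input) {
  // NFC folds "e" + combining diaeresis into the single code point "ë".
  const name = input.normalize("NFC").trim();
  const length = [...name].length;
  if (length === 0 || length > MAX_LEN) return null;
  return NAME_RE.test(name) ? name : null;
}

// The XSS defence belongs at output: encode for the HTML context on render,
// whatever the validator let through.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderGreeting(name) {
  return `<span class="profile">${escapeHtml(name)}</span>`;
}

// Constructed sample inputs.
const samples = ["Zoë", "Māui", "O'Neil", "Smith-Jones", "Владислав", "<b>x</b>"];
for (const s of samples) {
  console.log(JSON.stringify(s), asciiOnly(s), validateProfileName(s), renderGreeting(s));
}
```

The apostrophe in "O'Neil" passes validation and is still rendered as `&#39;`, so the name is stored as typed while the page stays safe.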