Pillowfort… wut u doin’, man?

(With original credit here.)

Edited to add: From reports by other users, it seems Pillowfort isn’t doing any robust sanitization on usernames at all, allowing things like slashes and period and spaces that break their own UI. This is… not good. Weren’t they supposed to’ve done a “security audit” after their hack a few weeks back?