Reduced attack vectors for query and form variables while keeping semantics - improve form_parameter and query variable validation - revert partly change: it is intentional that in case of validation errors, the instances variables of the in-memory object contain invalid data in order to be able to show the use the invalid data in the form. - prefer "string first" idiom over regular expression