[1.4.x] Prevented newlines from being accepted in some validators.

This is a security fix; disclosure to follow shortly.

Thanks to Sjoerd Job Postmus for the report and draft patch.