During installation, if a user provides a database password containing an HTML entity (&, ", <, >) character, they will be expanded to their entity code when testing the database connection. These characters work fine in config.php, just not during installation. Additionally, if the password ends in a space, the space will be trimmed off.