Input validation is not rejecting invalid description characters when editing a CA or Certificate
When editing an existing CA or Certificate, the description is not validated on save the way it is validated during other actions (create, sign, etc.).
There are some instances where the description is displayed without encoding as it's assumed to be validated, which means there is a potential for XSS there (e.g. save messages, Issuer column displaying the CA name, perhaps others), so we should encode those for good measure in addition to the validation.
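An added example, not part of the original ticket and not pfSense source code, showing the two measures described above: one validator shared by the create and edit paths, and encoding at each place the description is displayed. The function names, the rejected character set and the sample data are assumptions made for illustration.

```php
<?php
// Added illustration; function names and the character set are assumptions,
// not taken from the pfSense source.

// Single validator shared by every action that accepts a description.
function validate_descr(string $descr): array
{
    $errors = [];
    if (trim($descr) === '') {
        $errors[] = 'Descriptive name is required.';
    }
    // Reject characters that are meaningful in HTML or attribute context.
    if (preg_match('/[<>&"\'\/\\\\?]/', $descr)) {
        $errors[] = 'Descriptive name contains invalid characters.';
    }
    return $errors;
}

// Dispatcher: 'edit' goes through the same check as 'new' and 'sign'.
function handle_save(string $act, array $post, array &$store): array
{
    $errors = validate_descr($post['descr'] ?? '');
    if ($errors) {
        return $errors;            // nothing is written on failure
    }
    if ($act === 'edit') {
        $store[$post['id']]['descr'] = $post['descr'];
    } else {
        $store[] = ['descr' => $post['descr']];
    }
    return [];
}

// Output encoding at every sink, regardless of what validation allowed.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data: one stored CA, then an edit with markup in it.
$store  = [['descr' => 'Lab Root CA']];
$errors = handle_save('edit', ['id' => 0, 'descr' => '<b>Lab</b> CA'], $store);

echo $errors ? h(implode(' ', $errors)) : 'Saved ' . h($store[0]['descr']), "\n";
// Issuer column: encoded even though the stored value passed validation.
echo '<td>' . h($store[0]['descr']) . '</td>', "\n";
```

Because the edit path calls the same validator, the constructed edit is rejected and the stored description stays unchanged; the encoding helper still protects any value that was saved before the validation existed.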
Updated by Danilo Zrenjanin 10 months ago
- Status changed from Feedback to Resolved
23.01-DEVELOPMENT (amd64) built on Fri Dec 02 06:04:48 UTC 2022 FreeBSD 14.0-CURRENT
It does the input validation when editing the existing CA or Certificate. I am marking this ticket resolved.