Project

General

Profile

Actions

Bug #13387

closed

Input validation is not rejecting invalid description characters when editing a CA or Certificate

Added by Jim Pingle about 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
High
Assignee:
Category:
Certificates
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
23.01
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

When editing an existing CA or Certificate, the description is not validated on save the way it is validated during other action (create, sign, etc).

There are some instances where the description is displayed without encoding as it's assumed to be validated, which means there is a potential for XSS there (e.g. save messages, Issuer column displaying the CA name, perhaps others), so we should encode those for good measure in addition to the validation.

Actions

Also available in: Atom PDF