Bug #465
closed
Description input validation too strict
0%
Description
The input validation on description fields in firewall rules at a minimum, possibly elsewhere, is too strict. The default LAN description in 1.2.x isn't allowed, "Default LAN > any". I see it's changed to remove that default, but we cannot make rules on countless thousands of systems uneditable after they upgrade, that has to be changed back to allow ">".
Updated by Ermal Luçi over 14 years ago
- Status changed from New to Feedback
We can encode all description fields with base64 so no problems should arise.
Agreed?
Updated by Jim Pingle over 14 years ago
That may be too harsh. Having those descriptions be readable in the config.xml is a large benefit, IMHO.
Updated by Erik Fonnesbeck over 14 years ago
It also might work to encode the characters using HTML and depend on the web browser to decode the text, instead of having to add code for decoding it before sending it out to the browser.
Updated by Seth Mos over 14 years ago
- Status changed from Feedback to Resolved
stripping the < character before comparison works here. Confirmed that it still triggers on <