Character Limitations
Default Restrictions
The following characters are banned to avoid XSS attacks and SQL injection (note that some sets overlap):
| Character Set | Reason |
|---|---|
| < > | Not allowed in XSS compatible strings |
| ' " \n \r \ ; & \| ! \0 % ` < > ? $ ~ | Not allowed in strings that may be used in db queries – characters in this list will be replaced with a forward slash '/'. Note: This set of characters can be configured (see below). |
| " \n \r \ ; & \| ! \0 % ` < > ? $ ~ | Not allowed in strings that may be used in db queries, assuming single quote is escaped |
| \0 \n \r / \\ ? % $ * : ; \| \" \' ` < > | Not allowed in filenames |
| ', \" \\ + < > ; = # <space> | Characters that are allowed to be escaped in strings according to RFC 2253, section 2.4. We also allow '=' to be escaped. |
Configuration
The set of restricted characters (noted in the table above) for database insertion can be modified through ConfigDump (system-config/global-cesecore-configuration.yaml) or in the UI, under System Configuration → Basic Configuration → Database Configuration.
Please note that modifying this list can pose a serious risk to continued functionality, and should only be performed after careful evaluation.
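The database row of the table says forbidden characters are replaced with '/', which means a submitted value can be stored differently from how it was entered. The following pre-flight check is an added example, not EJBCA code: the function names, field names and sample values are hypothetical, and the character sets are transcribed from the table above.

```python
# Added illustration, not EJBCA source code.
# Character sets are transcribed from the table on this page.
DB_DEFAULT = frozenset("'\"\n\r\\;&|!\0%`<>?$~")
RESTRICTIONS = {
    "xss": frozenset("<>"),
    "db": DB_DEFAULT,
    "db_single_quote_escaped": DB_DEFAULT - {"'"},
    "filename": frozenset("\0\n\r/\\?%$*:;|\"'`<>"),
}


def offenders(value, forbidden):
    """Return (index, character) for every forbidden character in value."""
    return [(i, ch) for i, ch in enumerate(value) if ch in forbidden]


def violated_sets(value):
    """Names of the restriction sets that value breaks."""
    return sorted(n for n, chars in RESTRICTIONS.items() if offenders(value, chars))


def replace_forbidden(value, forbidden=DB_DEFAULT):
    """Model the documented rewrite: each forbidden character becomes '/'.

    Pass a different set to model a modified configuration.
    """
    return "".join("/" if ch in forbidden else ch for ch in value)


def preflight(fields, forbidden=DB_DEFAULT):
    """Report only the fields that would not be stored as submitted."""
    report = {}
    for name, value in fields.items():
        hits = offenders(value, forbidden)
        if hits:
            report[name] = {"offenders": hits,
                            "stored_as": replace_forbidden(value, forbidden)}
    return report


# Constructed sample input (hypothetical field names and values).
SAMPLE = {
    "username": "build-agent-01",
    "subject_dn": "CN=Tom & Jerry,O=R&D;C=SE",
    "comment": "renew? yes!",
}

if __name__ == "__main__":
    for name, info in preflight(SAMPLE).items():
        print(f"{name}: {info['offenders']} -> {info['stored_as']!r}")
```

Because every forbidden character maps to the same '/', distinct inputs such as `a&b` and `a;b` end up as the same stored value, which matters for any field that is expected to be unique.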