Restrict use of special characters
  • 19 May 2021

Article Summary

How to restrict the use of the special characters < and >

For general protection of XSS, it is now possible, with the 9.3 release, to restrict users from entering HTML tags in various fields.

To get a full view of the settings, press the Expert Mode button from the GateManager Configuration.

Expert mode enables the Sanitize Input options.

The Sanitize Input settings are accessible from the server configuration: "GateManager Configuration" -> "Miscellaneous". Click the Edit button at the top to enable configuration.

From the 9.3 release, you can sanitize the input in various fields.

The Sanitize Input options are:

• Disabled (Trust everyone) - Don't sanitize any input at all, and allow everyone to enter HTML.

• Enforced (Trust no one) - Unconditionally sanitize all input fields.

• Trust Server Administrators - Allow only server administrators to enter and edit HTML.

• Trust Server and Distributor admins - Allow only server and distributor administrators to enter and edit HTML.

• Trust all administrators - Allow all administrator accounts to enter and edit HTML.

For most input fields, it is no longer possible to enter < or > characters: they are automatically replaced by [ and ] characters when the GateManager's web server parses the CGI parameters.

Since we still have to be able to upload binary files, edit HTML data and XML configurations, and allow cases where an e-mail address is written as "User Name <email@address>", input fields whose (internal) names start with "raw" bypass the initial force-replace and are subsequently handled individually, on an "as needed" basis.

This "as needed" handling is further restricted to selected groups of administrators (defined by their roles) via a new "Sanitize Input" expert mode parameter. By default, only the server administrator is allowed to use < or > in the non-restricted input fields (and, thus, to edit HTML or upload binary files).
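The mechanism described above (force-replacement of < and > for ordinary fields, the "raw" bypass, and the role-based trust levels) modelled as a small policy function. This is an added illustration, not GateManager's own code: the role names, the field-name prefixes for the always-exempt categories, and the decision that "Disabled" skips the force-replace entirely are assumptions chosen to match the behaviour the article describes.

```python
"""Model of a "Sanitize Input" policy for CGI parameters (added example).

Role names, field-name prefixes and the enum values below are assumptions;
the article describes the behaviour, not the product's internal identifiers.
"""
from enum import Enum


class SanitizeMode(Enum):
    DISABLED = "Disabled (Trust everyone)"
    ENFORCED = "Enforced (Trust no one)"
    TRUST_SERVER_ADMINS = "Trust Server Administrators"
    TRUST_SERVER_AND_DISTRIBUTOR = "Trust Server and Distributor admins"
    TRUST_ALL_ADMINS = "Trust all administrators"


# Role identifiers are constructed for this example (assumption).
SERVER_ADMIN = "server_admin"
DISTRIBUTOR_ADMIN = "distributor_admin"
DOMAIN_ADMIN = "domain_admin"

# Which roles each mode trusts to submit < and > in "raw" fields.
_TRUSTED_ROLES = {
    SanitizeMode.ENFORCED: frozenset(),
    SanitizeMode.TRUST_SERVER_ADMINS: frozenset({SERVER_ADMIN}),
    SanitizeMode.TRUST_SERVER_AND_DISTRIBUTOR: frozenset({SERVER_ADMIN, DISTRIBUTOR_ADMIN}),
    SanitizeMode.TRUST_ALL_ADMINS: frozenset({SERVER_ADMIN, DISTRIBUTOR_ADMIN, DOMAIN_ADMIN}),
}

# Categories the article says are never sanitized for any administrator
# (configuration profiles, domain logos, login certificates). The
# prefixes used to recognise them are assumed.
ALWAYS_RAW_PREFIXES = ("config_profile", "domain_logo", "login_cert")


def force_replace(value: str) -> str:
    """The unconditional replacement applied when CGI parameters are parsed."""
    return value.replace("<", "[").replace(">", "]")


def sanitize_field(name: str, value: str, mode: SanitizeMode, role: str) -> str:
    """Apply the policy to one CGI parameter and return the stored value."""
    if mode is SanitizeMode.DISABLED:
        # "Don't sanitize any input at all" (assumed to include the force-replace).
        return value
    if name.startswith(ALWAYS_RAW_PREFIXES):
        return value
    if not name.startswith("raw"):
        # Ordinary field: < and > are never accepted, whoever submits them.
        return force_replace(value)
    # "raw" field: accepted only from a role the current mode trusts.
    if role in _TRUSTED_ROLES[mode]:
        return value
    return force_replace(value)


def sanitize_request(params: dict, mode: SanitizeMode, role: str) -> dict:
    """Sanitize every parameter of one request."""
    return {k: sanitize_field(k, v, mode, role) for k, v in params.items()}


def fields_with_markup(params: dict) -> list:
    """Audit helper: names of fields that still carry < or > after sanitizing."""
    return sorted(k for k, v in params.items() if "<" in v or ">" in v)


if __name__ == "__main__":
    # Constructed sample request: an ordinary field and a "raw" one.
    request = {
        "email_from": "User Name <user@example.com>",
        "raw_message": "<b>Maintenance tonight</b>",
    }
    stored = sanitize_request(request, SanitizeMode.TRUST_SERVER_ADMINS, DISTRIBUTOR_ADMIN)
    print(stored)
    print("fields still containing markup:", fields_with_markup(stored))
```

Note what the ordinary-field rule does to an address written as "User Name <user@example.com>": it becomes "User Name [user@example.com]", which is why the e-mail "From" and "Blind Copy" settings listed later in the article have to be handled as raw fields rather than forced through the replacement.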

The only exceptions to this rule are:

• Configuration profiles are never sanitized (thus, any administrator can enter XML here).

• Any administrator can upload domain logo files (we don't support SVG logos, so it should be safe).

• User certificates used during login are never sanitized (they are binary files, and if they are saved in the browser, GM converts them to HEX, so no harm can be done through saving the files in the browser).

The following Server Config input fields may still contain < ... > (all other settings cannot): *)

• Account Settings: Account E-mail From, Blind Copy E-mail Address

• Alert Settings: From Address, Blind Copy E-mail Address

• Remote Service Agent: Contact

*) Note that only Server Admins can edit these settings.

The various files, scripts, and templates located under "Files" may still contain HTML code, but they can only be edited by trusted accounts (Server Admin).

The Domain Messages can still contain HTML code - but only a trusted account (Server Admin) can enter and edit HTML messages. Other administrators are restricted to creating text-only messages.

To completely disable all occurrences of < ... > in input fields, set sanitize_input = 0 in /gm/cloud.conf; making this setting there prevents logged-in server administrators from changing the "Sanitize Input" setting to allow HTML.
