Skip to content

Perform input filtering/validation on webauthn name #1254

Description

@jwag956

Currently we don't limit webauthn/passkey names in any way. Not a big issue since only the user can see it - but it could possibly cause an issue if an admin views the records. There is no reason to allow arbitrary input - should follow the lead of username and use nh3 to strip tags and then compare with unicode characters.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions