Text strings
Text strings are used to name entities in the FortiGate configuration. For example, the name of a firewall address, administrator, or interface are all text strings.
The following characters cannot be used in text strings, as they present cross-site scripting (XSS) vulnerabilities:
-
“- double quotes -
'- single quote -
>- greater than -
<- less than
Most GUI text fields prevent XSS vulnerable characters from being added.
|
VDOM names and hostnames can only use numbers (0-9), letters (a-z and A-Z), dashes, and underscores. |
The tree CLI command can be used to view the number of characters allowed in a name field. For example, entering the following commands show that a firewall address name can contain up to 80 characters, while its FQDN can contain 256 characters:
config fire address
(address) # tree
-- [address] --*name (80)
|- uuid
|- subnet
|- type
|- start-mac
|- end-mac
|- start-ip
|- end-ip
|- fqdn (256)
|- country (3)
|- wildcard-fqdn (256)
|- cache-ttl (0,86400)
|- wildcard
|- sdn (36)
|- interface (36)
|- tenant (36)
|- organization (36)
|- epg-name (256)
|- subnet-name (256)
|- sdn-tag (16)
|- policy-group (16)
|- comment
|- visibility
|- associated-interface (36)
|- color (0,32)
|- filter
|- sdn-addr-type
|- obj-id
|- [list] --*ip (36)
|- obj-id (128)
+- net-id (128)
|- [tagging] --*name (64)
|- category (64)
+- [tags] --*name (80)
+- allow-routing