Comment 31 for bug 1308727

Julie Pichon (jpichon) wrote: Re: XSS in Horizon Heat template - resource name (CVE-2014-3473)

Hey Matthias. I don't think we should try to sanitise/change names on input, since users can always use the CLI to create networks with "forbidden" characters. Whenever we disallow in Horizon things that users can do on the CLI it tends to lead to confusion and bug reports. (Also we don't know if we'll need to display the name in HTML, JavaScript or clear log messages so we can't guess at what format to escape and store it in at input time.)

The other part of the patch is interesting but doesn't seem to work for me, e.g. in the Launch Instance screen the network named "<script>" becomes "\u003Cscript\u003E" which granted doesn't trigger the XSS anymore but doesn't read very user-friendly. Am I looking in the wrong place?

Thank you for the input! If you have time to provide feedback on the other aspects of the patch I would really appreciate it too.
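The output-context point made in the comment, as an added example (not code from the bug thread, Horizon or Django): the same CLI-created network name escaped at output time for an HTML context and for a JavaScript string context, beside the safe-but-unreadable result of showing a JS-escaped value in HTML. The `escape_for_js_string` helper only approximates Django's `escapejs` filter; it is an assumption for the example, not Django's code.

```python
import html
import json

# Constructed sample value: a network name a user can create from the CLI,
# which Horizon therefore cannot reject or rewrite on input.
NETWORK_NAME = "<script>alert(1)</script>"


def escape_for_html(value: str) -> str:
    """Escape for an HTML text or attribute context (what template
    autoescaping does at the point of output)."""
    return html.escape(value, quote=True)


def escape_for_js_string(value: str) -> str:
    """Escape for a JavaScript string literal. Approximates Django's escapejs
    (assumption, not Django's code): json handles quotes, backslashes and
    control characters, then <, >, &, = and ' become \\uXXXX so the value can
    never close a <script> block or open a tag."""
    body = json.dumps(value)[1:-1]  # drop the surrounding JSON quotes
    for ch in "<>&='":
        body = body.replace(ch, "\\u%04X" % ord(ch))
    return body


def render_html_option(name: str) -> str:
    """HTML context: HTML-escape at output time; the browser shows the real name."""
    return "<option>%s</option>" % escape_for_html(name)


def render_js_assignment(name: str) -> str:
    """JavaScript string context: JS-escape at output time."""
    return "var networkName = '%s';" % escape_for_js_string(name)


def render_html_from_prescaped_js(name: str) -> str:
    """What the comment observed: a value JS-escaped up front and then placed
    in HTML is no longer an XSS vector, but the user sees \\u003C... literally."""
    return "<option>%s</option>" % escape_for_js_string(name)


def displayed_text(option_markup: str) -> str:
    """Text a browser renders for an <option> fragment (example helper)."""
    inner = option_markup[len("<option>"):-len("</option>")]
    return html.unescape(inner)


def body_has_no_tag_chars(option_markup: str) -> bool:
    """Crude safety check: the escaped payload must not reintroduce < or >."""
    inner = option_markup[len("<option>"):-len("</option>")]
    return "<" not in inner and ">" not in inner
```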