Entering text strings (names)
Text strings are used to name entities in the configuration, for example a firewall address or an administrative user. To prevent Cross-Site Scripting (XSS) vulnerabilities, a FortiGate configuration text string can contain any character except the following:
" (double quote), & (ampersand), ' (single quote), < (less than), and > (greater than)
Most web‑based manager text string fields make it easy to add an acceptable number of characters and prevent you from adding the XSS vulnerability characters.
 
There is a different character limitation for VDOM names and hostnames. For both, the only legal characters are numbers (0-9), letters (a-z, A-Z), and the special characters - and _.
From the CLI, you can also use the tree command to view the number of characters that are allowed in a name field. For example, firewall address names can contain up to 64 characters. When you add a firewall address to the web‑based manager, you are limited to entering 64 characters in the firewall address name field. From the CLI you can enter the following tree command to confirm that the firewall address name field allows 64 characters.
config firewall address
tree
-- [address] --*name (64)
               |- subnet
               |- type
               |- start-ip
               |- end-ip
               |- fqdn (256)
               |- cache-ttl (0,86400)
               |- wildcard
               |- comment (64 xss)
               |- associated-interface (16)
               +- color (0,32)
The tree command output also shows the number of characters allowed for other firewall address settings. For example, the fully-qualified domain name (fqdn) field can contain up to 256 characters.
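
The following Python pre-check is an added example, not part of the FortiOS documentation: it reads the single-value character limits out of the tree output shown above and applies this page's character rules to a candidate string before it is sent to the device. The function names are hypothetical, and it assumes the limits count characters the way Python's len() does.

```python
import re

# Characters this page says are not accepted in configuration text strings.
FORBIDDEN = set('"&\'<>')
# VDOM names and hostnames: only 0-9, a-z, A-Z, '-' and '_' (per this page).
VDOM_HOST_RE = re.compile(r"[0-9A-Za-z_-]+")

# Output of `tree` under "config firewall address", copied from this page.
TREE_OUTPUT = """\
-- [address] --*name (64)
|- subnet
|- type
|- start-ip
|- end-ip
|- fqdn (256)
|- cache-ttl (0,86400)
|- wildcard
|- comment (64 xss)
|- associated-interface (16)
+- color (0,32)
"""

# Matches "field (N)" or "field (N word)"; "(lo,hi)" numeric ranges do not match.
FIELD_RE = re.compile(r"[-*] ?([a-z][a-z-]*) \((\d+)(?: \w+)?\)\s*$")

def parse_max_lengths(tree_text):
    """Return {field: max_chars} for fields that show a single length."""
    limits = {}
    for line in tree_text.splitlines():
        m = FIELD_RE.search(line)
        if m:
            limits[m.group(1)] = int(m.group(2))
    return limits

def check_text(value, max_len):
    """Return a list of problems; an empty list means the string is acceptable."""
    problems = []
    if len(value) > max_len:  # assumption: the limit counts characters
        problems.append(f"too long: {len(value)} > {max_len}")
    bad = sorted(FORBIDDEN.intersection(value))
    if bad:
        problems.append("forbidden characters: " + " ".join(bad))
    return problems

def is_valid_vdom_or_hostname(value):
    """True only if every character is in the VDOM/hostname set from this page."""
    return VDOM_HOST_RE.fullmatch(value) is not None
```

Running the same check in provisioning scripts catches an over-length or rejected name before the CLI or web-based manager refuses it.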