diff --git a/cs/src/Contracts/TunnelConstraints.cs b/cs/src/Contracts/TunnelConstraints.cs index 63e51d26..db76f3db 100644 --- a/cs/src/Contracts/TunnelConstraints.cs +++ b/cs/src/Contracts/TunnelConstraints.cs @@ -369,7 +369,7 @@ public static class TunnelConstraints /// formatted name with email. The service will block any other use of angle-brackets, /// to avoid any XSS risks. /// - public const string AccessControlSubjectNamePattern = "[ \\w\\d-.,/'\"_@()<>]{0,200}"; + public const string AccessControlSubjectNamePattern = "[ \\w\\d-.,/:'\"_@()<>]{0,200}"; /// /// Regular expression that can match or validate an access control subject name, when resolving diff --git a/go/tunnels/tunnel_constraints.go b/go/tunnels/tunnel_constraints.go index 547fe0c4..929e10b9 100644 --- a/go/tunnels/tunnel_constraints.go +++ b/go/tunnels/tunnel_constraints.go @@ -156,7 +156,7 @@ const ( // Note angle-brackets are only allowed when they wrap an email address as part of a // formatted name with email. The service will block any other use of angle-brackets, to // avoid any XSS risks. - TunnelConstraintsAccessControlSubjectNamePattern = "[ \\w\\d-.,/'\"_@()<>]{0,200}" + TunnelConstraintsAccessControlSubjectNamePattern = "[ \\w\\d-.,/:'\"_@()<>]{0,200}" ) var ( // Regular expression that can match or validate tunnel cluster ID strings. diff --git a/java/src/main/java/com/microsoft/tunnels/contracts/TunnelConstraints.java b/java/src/main/java/com/microsoft/tunnels/contracts/TunnelConstraints.java index 8f338826..d7f4bde6 100644 --- a/java/src/main/java/com/microsoft/tunnels/contracts/TunnelConstraints.java +++ b/java/src/main/java/com/microsoft/tunnels/contracts/TunnelConstraints.java @@ -298,7 +298,7 @@ public class TunnelConstraints { * formatted name with email. The service will block any other use of angle-brackets, * to avoid any XSS risks. */ - public static final String accessControlSubjectNamePattern = "[ \\w\\d-.,/'\"_@()<>]{0,200}"; + public static final String accessControlSubjectNamePattern = "[ \\w\\d-.,/:'\"_@()<>]{0,200}"; /** * Regular expression that can match or validate an access control subject name, when diff --git a/rs/src/contracts/tunnel_constraints.rs b/rs/src/contracts/tunnel_constraints.rs index 91001e52..a1e04e89 100644 --- a/rs/src/contracts/tunnel_constraints.rs +++ b/rs/src/contracts/tunnel_constraints.rs @@ -150,4 +150,4 @@ pub const ACCESS_CONTROL_SUBJECT_PATTERN: &str = r#"[0-9a-zA-Z-._:/@]{0,200}"#; // Note angle-brackets are only allowed when they wrap an email address as part of a // formatted name with email. The service will block any other use of angle-brackets, to // avoid any XSS risks. -pub const ACCESS_CONTROL_SUBJECT_NAME_PATTERN: &str = r#"[ \w\d-.,/'"_@()<>]{0,200}"#; +pub const ACCESS_CONTROL_SUBJECT_NAME_PATTERN: &str = r#"[ \w\d-.,/:'"_@()<>]{0,200}"#; diff --git a/ts/src/contracts/tunnelConstraints.ts b/ts/src/contracts/tunnelConstraints.ts index 985b8815..19f02060 100644 --- a/ts/src/contracts/tunnelConstraints.ts +++ b/ts/src/contracts/tunnelConstraints.ts @@ -295,7 +295,7 @@ export namespace TunnelConstraints { * formatted name with email. The service will block any other use of angle-brackets, * to avoid any XSS risks. */ - export const accessControlSubjectNamePattern: string = '[ \\w\\d-.,/\'"_@()<>]{0,200}'; + export const accessControlSubjectNamePattern: string = '[ \\w\\d-.,/:\'"_@()<>]{0,200}'; /** * Regular expression that can match or validate an access control subject name, when