1 files changed, 23 insertions, 0 deletions

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index 91d5ecabd..4ee247695 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -55,6 +55,29 @@ public class StorkConfigValidator {
 			}
 		}
 
+		// check qaa
+		int qaa = form.getDefaultQaa();
+		if(1 > qaa && 4 < qaa) {
+			log.warn("QAA is out of range : " + qaa);
+			errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
+					new Object[] {qaa} ));
+		}
+
+		// check attributes
+		String check = form.getDefaultAttributes();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, true)) {
+				log.warn("default attributes contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+			if(!check.toLowerCase().matches("^[a-z0-9, ]*$")) {
+					log.warn("default attributes do not match the requested format : " + check);
+					errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+							new Object[] {check} ));
+			}
+		}
+
 		return errors;
 	}
 }