When trying to add a domain with "-" (e.g. server-server.com) into whitelist on Server to Server page, it saves it without it (e.g. serverserver.com). Reporter says it was ok before the update. Maybe another victim of XSS fixes?
Submitted PR #89.
Replace the standard XSS filter with someting more appropriate for domain name validation.