S2S whitelist form saving domains with "-" without it
When trying to add a domain with "-" (e.g. server-server.com) into whitelist on Server to Server page, it saves it without it (e.g. serverserver.com). Reporter says it was ok before the update. Maybe another victim of XSS fixes?
Replace the standard XSS filter with someting more appropriate for domain name validation.