TablePanel: Fix XSS issue in header column rename (#23816)

* prevent xss

* added escaping on tooltip.

* Rebase done

Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
Torkel Ödegaard 2020-04-23 14:15:48 +02:00 committed by GitHub
parent c9e7796b33
commit 0284747c88
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -56,7 +56,7 @@ export class TableRenderer {
column.style = style;
if (style.alias) {
column.title = column.text.replace(regex, style.alias);
column.title = textUtil.escapeHtml(column.text.replace(regex, style.alias));
}
break;
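Review bot: The new `textUtil.escapeHtml(...)` call on `column.title` sits inside the `if (style.alias)` branch only, so a column whose matching style has no alias keeps whatever title was assigned outside this hunk. If that title is derived from `column.text` and reaches the same HTML sink, it needs the same escaping, ideally applied once where the header is rendered rather than where the value is stored. Storing an already-escaped string in `column.title` also risks double-encoding in any consumer that escapes on output, so a comment such as `// column.title is HTML-escaped here; do not escape again when rendering` would make the contract explicit. In the second hunk, `cellLinkTooltip` appears to be used as an attribute value further down, which is only safe if `escapeHtml` also encodes quote characters; that is worth confirming. The enclosing loop and the rendering code lie outside both hunks, and no regression test for the alias or tooltip case is visible on this page.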
@ -300,7 +300,7 @@ export class TableRenderer {
const cellLink = this.templateSrv.replace(column.style.linkUrl, scopedVars, encodeURIComponent);
const sanitizedCellLink = textUtil.sanitizeUrl(cellLink);
const cellLinkTooltip = this.templateSrv.replace(column.style.linkTooltip, scopedVars);
const cellLinkTooltip = textUtil.escapeHtml(this.templateSrv.replace(column.style.linkTooltip, scopedVars));
const cellTarget = column.style.linkTargetBlank ? '_blank' : '';
cellClasses.push('table-panel-cell-link');