IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Security: Tag value sanitization fix in OpenTSDB data source (#24539)

Browse Source 
Adds HTML sanitization to the tag value of the OpenTSDB datasource.

Fixes #24537
This commit is contained in:
Rotem Reiss 2020-05-12 14:19:00 +03:00 committed by GitHub
parent 164242f5fd
commit 125ba95686
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
public/app/plugins/datasource/opentsdb/query_ctrl.ts
View File

@ -2,6 +2,7 @@ import _ from 'lodash';
import kbn from 'app/core/utils/kbn'; import kbn from 'app/core/utils/kbn';
import { QueryCtrl } from 'app/plugins/sdk'; import { QueryCtrl } from 'app/plugins/sdk';
import { auto } from 'angular'; import { auto } from 'angular';
import { textUtil } from '@grafana/data';
export class OpenTsQueryCtrl extends QueryCtrl { export class OpenTsQueryCtrl extends QueryCtrl {
static templateUrl = 'partials/query.editor.html'; static templateUrl = 'partials/query.editor.html';
@ -90,7 +91,7 @@ export class OpenTsQueryCtrl extends QueryCtrl {
getTextValues(metricFindResult: any) { getTextValues(metricFindResult: any) {
return _.map(metricFindResult, value => { return _.map(metricFindResult, value => {
return value.text; return textUtil.escapeHtml(value.text);
}); });
} }