feat: wip: Sanitize user input on text panel

Johannes Schill
2019-01-17 14:44:52 +01:00
parent a3e13b333e
commit 15d560a1c0
8 changed files with 45 additions and 8 deletions


@@ -1,6 +1,8 @@
import _ from 'lodash';
import { PanelCtrl } from 'app/plugins/sdk';
import Remarkable from 'remarkable';
import { sanitize } from 'app/core/utils/text';
import config from 'app/core/config';
const defaultContent = `
# Title
@@ -44,8 +46,9 @@ export class TextPanelCtrl extends PanelCtrl {
$scope.$watch(
renderWhenChanged,
_.throttle(() => {
console.log('this.render', new Date());
this.render();
}, 1000, {trailing: true})
}, 2000, {trailing: true, leading: true})
);
}
@@ -70,7 +73,7 @@ export class TextPanelCtrl extends PanelCtrl {
this.renderingCompleted();
}
renderText(content) {
renderText(content: string) {
content = content
.replace(/&/g, '&')
.replace(/>/g, '>')
@@ -79,7 +82,7 @@ export class TextPanelCtrl extends PanelCtrl {
this.updateContent(content);
}
renderMarkdown(content) {
renderMarkdown(content: string) {
if (!this.remarkable) {
this.remarkable = new Remarkable();
}
@@ -89,7 +92,10 @@ export class TextPanelCtrl extends PanelCtrl {
});
}
updateContent(html) {
updateContent(html: string) {
const { sanitizeInput } = config;
html = sanitizeInput ? sanitize(html) : html;
console.log('html', html);
try {
this.content = this.$sce.trustAsHtml(this.templateSrv.replace(html, this.panel.scopedVars));
} catch (e) {
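Review bot: In `updateContent`, `sanitize(html)` runs before `this.templateSrv.replace(html, this.panel.scopedVars)`, so whatever the variable interpolation inserts reaches `$sce.trustAsHtml` unsanitized; if variable values can carry markup (templateSrv is not visible here, so this is inferred), the sanitizer is bypassed. Interpolate first and sanitize the result: `const out = this.templateSrv.replace(html, this.panel.scopedVars);` followed by `this.content = this.$sce.trustAsHtml(config.sanitizeInput ? sanitize(out) : out);`. The `console.log('html', html)` here and the `console.log('this.render', new Date())` in the throttle callback of the second hunk are debug output that writes panel content to the browser console and should be dropped before merge. The default of `config.sanitizeInput` is not shown; when it is false the panel content is trusted as-is, which deserves a comment at this call. The try/catch of `updateContent` continues past the end of the hunk.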