Security: Fix annotation popup XSS vulnerability (#23813)

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2025-02-25 18:55:37 -06:00 · 2020-04-23 11:35:43 +02:00
parent 645dc944db
commit 3955e8cbad
1 changed files with 1 additions and 1 deletions
--- a/public/app/features/annotations/annotation_tooltip.ts
+++ b/public/app/features/annotations/annotation_tooltip.ts
@@ -72,7 +72,7 @@ export function annotationTooltipDirective(
      tooltip += '<div class="graph-annotation__body">';

      if (text) {
-        tooltip += '<div>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>';
+        tooltip += '<div ng-non-bindable>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>';
      }

      const tags = event.tags;