IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Sanitize: do not escape forward slash (#65416)

Browse Source
This commit is contained in:
Kristian Bremberg 2023-03-28 18:42:53 +02:00 committed by GitHub
parent 09ff5ab522
commit 420aeb3bec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
packages/grafana-data/src/text/sanitize.ts
View File

@ -85,6 +85,5 @@ export function escapeHtml(str: string): string {
.replace(/</g, '&lt;') .replace(/</g, '&lt;')
.replace(/>/g, '&gt;') .replace(/>/g, '&gt;')
.replace(/'/g, '&#39;') .replace(/'/g, '&#39;')
.replace(/\//g, '&#47;')
.replace(/"/g, '&quot;'); .replace(/"/g, '&quot;');
} }

2
public/app/features/templating/template_srv.test.ts
View File

@ -420,7 +420,7 @@ describe('templateSrv', () => {
{ type: 'query', name: 'test', current: { value: '<script>alert(asd)</script>' } }, { type: 'query', name: 'test', current: { value: '<script>alert(asd)</script>' } },
]); ]);
const target = _templateSrv.replace('$test', {}, 'html'); const target = _templateSrv.replace('$test', {}, 'html');
expect(target).toBe('&lt;script&gt;alert(asd)&lt;&#47;script&gt;'); expect(target).toBe('&lt;script&gt;alert(asd)&lt;/script&gt;');
}); });
}); });