IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

TextPanel: Sanitize after markdown has been rendered to html (#46166)

Browse Source 
* Sanitize after markdown has been rendered to html

* Update e2e test
This commit is contained in:
Ashley Harrison 2022-03-03 16:50:09 +00:00 committed by GitHub
parent 994a22f4c2
commit b1125c0ba3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
e2e/dashboards-suite/dashboard-templating.spec.ts
View File

@ -27,7 +27,7 @@ e2e.scenario({
`Server:pipe = A'A"A|BB\\B|CCC`,
`Server:distributed = A'A"A,Server=BB\\B,Server=CCC`,
`Server:csv = A'A"A,BB\\B,CCC`,
`Server:html = A'A"A, BB\\B, CCC`,
`Server:html = A'A"A, BB\\B, CCC`,
`Server:json = ["A'A\\"A","BB\\\\B","CCC"]`,
`Server:percentencode = %7BA%27A%22A%2CBB%5CB%2CCCC%7D`,
`Server:singlequote = 'A\\'A"A','BB\\B','CCC'`,

8
public/app/plugins/panel/text/TextPanel.tsx
View File

@ -44,9 +44,11 @@ export class TextPanel extends PureComponent<Props, State> {
prepareMarkdown(content: string): string {
// Sanitize is disabled here as we handle that after variable interpolation
return renderTextPanelMarkdown(this.interpolateAndSanitizeString(content), {
noSanitize: config.disableSanitizeHtml,
});
return this.interpolateAndSanitizeString(
renderTextPanelMarkdown(content, {
noSanitize: config.disableSanitizeHtml,
})
);
}
interpolateAndSanitizeString(content: string): string {