Security: Fix XSS in runbook URL (#59540)

Fix XSS in runbook URL

Co-authored-by: George Robinson <george.robinson@grafana.com>
Dimitris Sotirakis 2022-11-30 12:37:16 +02:00 committed by GitHub
parent 701d1b135e
commit ba0b2dfa1a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,7 +1,7 @@
import { css } from '@emotion/css'; import { css } from '@emotion/css';
import React, { FC, Fragment } from 'react'; import React, { FC, Fragment } from 'react';
import { GrafanaTheme2 } from '@grafana/data'; import { GrafanaTheme2, textUtil } from '@grafana/data';
import { Button, HorizontalGroup, LinkButton, useStyles2 } from '@grafana/ui'; import { Button, HorizontalGroup, LinkButton, useStyles2 } from '@grafana/ui';
import { contextSrv } from 'app/core/services/context_srv'; import { contextSrv } from 'app/core/services/context_srv';
import { AccessControlAction } from 'app/types'; import { AccessControlAction } from 'app/types';
@ -61,7 +61,7 @@ export const RuleDetailsActionButtons: FC<Props> = ({ rule, rulesSource }) => {
variant="primary" variant="primary"
icon="book" icon="book"
target="__blank" target="__blank"
href={rule.annotations[Annotation.runbookURL]} href={textUtil.sanitizeUrl(rule.annotations[Annotation.runbookURL])}
> >
View runbook View runbook
</LinkButton> </LinkButton>
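Review bot: The sanitisation on the `href` line is applied inline at the render site, so the condition that decides whether the "View runbook" button is shown (it sits outside this hunk) presumably still tests the raw annotation value. If `textUtil.sanitizeUrl` rewrites a rejected scheme to a harmless placeholder rather than returning an empty string, the button would still render and lead to a blank page. Consider sanitising once before that condition and reusing the result, with a comment such as `// runbook URL comes from a rule annotation (author-supplied); sanitize before use as href`. The context line `target="__blank"` names a window instead of using the `_blank` keyword, and no `rel="noopener noreferrer"` is visible here, so it is worth confirming whether `LinkButton` adds one. No regression test for a non-http(s) runbook URL is visible on this page.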