Skip to content

Commit

Permalink
TablePanel: Fix XSS issue in header column rename (#23816)
Browse files Browse the repository at this point in the history
* prevent xss

* added escaping on tooltip.

* Rebase done

Co-authored-by: Marcus Andersson <marcus.andersson@grafana.com>
  • Loading branch information
torkelo and mckn committed Apr 23, 2020
1 parent c9e7796 commit 0284747
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions public/app/plugins/panel/table-old/renderer.ts
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ export class TableRenderer {
column.style = style;

if (style.alias) {
column.title = column.text.replace(regex, style.alias);
column.title = textUtil.escapeHtml(column.text.replace(regex, style.alias));
}

break;
Expand Down Expand Up @@ -300,7 +300,7 @@ export class TableRenderer {
const cellLink = this.templateSrv.replace(column.style.linkUrl, scopedVars, encodeURIComponent);
const sanitizedCellLink = textUtil.sanitizeUrl(cellLink);

const cellLinkTooltip = this.templateSrv.replace(column.style.linkTooltip, scopedVars);
const cellLinkTooltip = textUtil.escapeHtml(this.templateSrv.replace(column.style.linkTooltip, scopedVars));
const cellTarget = column.style.linkTargetBlank ? '_blank' : '';

cellClasses.push('table-panel-cell-link');
Expand Down

0 comments on commit 0284747

Please sign in to comment.