Skip to content

Commit

Permalink
Security: Tag value sanitization fix in OpenTSDB data source (#24539)
Browse files Browse the repository at this point in the history
Adds HTML sanitization to the tag value of the OpenTSDB datasource.

Fixes #24537
  • Loading branch information
rotemreiss committed May 12, 2020
1 parent 164242f commit 125ba95
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion public/app/plugins/datasource/opentsdb/query_ctrl.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ import _ from 'lodash';
import kbn from 'app/core/utils/kbn';
import { QueryCtrl } from 'app/plugins/sdk';
import { auto } from 'angular';
import { textUtil } from '@grafana/data';

export class OpenTsQueryCtrl extends QueryCtrl {
static templateUrl = 'partials/query.editor.html';
Expand Down Expand Up @@ -90,7 +91,7 @@ export class OpenTsQueryCtrl extends QueryCtrl {

getTextValues(metricFindResult: any) {
return _.map(metricFindResult, value => {
return value.text;
return textUtil.escapeHtml(value.text);
});
}

Expand Down

0 comments on commit 125ba95

Please sign in to comment.