Closed
Description
You can inject image tags in panel drilldown links (via Title & url fields).
There is no script injection as this already sanitized.
But for these fields there is no need to have html here.
Problem is here:
https://github.com/grafana/grafana/blob/master/public/app/features/panel/panel_ctrl.ts#L269
Think using escape function when building the html there would solve it.
