Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Escaped Strings in Quick Values improperly "Add to Search Query" #1484
Thanks for the quick fix on Issue #1455 -- alleviates alot of security concerns.
Related to that issue though:
Any values clicked on from Quick Values will have the HTML Escaped version in the search bar (< > in all their glory) which doesn't find the appropriate values in the prefix search context on the field.
How did you manage to get
added a commit
Jun 15, 2015
When testing I just did it the quick route and added a static field with HTML markup onto a random HTTP input on the fly.
I also overrided the source and replaced source with HTML markup to make sure the graph on the sources page was escaped too (it is :) )
In production we have email logs (message-ids in emails frequently are wrapped in < > ) and we have HTML links. Just sending those over via GELF TCP got the < > into the system for us.