Security: Tag value sanitization fix in OpenTSDB data source (#24539)

Adds HTML sanitization to the tag value of the OpenTSDB datasource. Fixes #24537

Security: Tag value sanitization fix in OpenTSDB data source (#24539)
Adds HTML sanitization to the tag value of the OpenTSDB datasource. Fixes #24537
125ba956 · Rotem Reiss · GitHub · 164242f5 · 125ba956
Commit 125ba956 authored May 12, 2020 by Rotem Reiss Committed by GitHub May 12, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletions

public/app/plugins/datasource/opentsdb/query_ctrl.ts
+2 -1

No files found.
--- a/public/app/plugins/datasource/opentsdb/query_ctrl.ts
+++ b/public/app/plugins/datasource/opentsdb/query_ctrl.ts
@@ -2,6 +2,7 @@ import _ from 'lodash';
 import kbn from 'app/core/utils/kbn';
 import { QueryCtrl } from 'app/plugins/sdk';
 import { auto } from 'angular';
+import { textUtil } from '@grafana/data';

 export class OpenTsQueryCtrl extends QueryCtrl {
  static templateUrl = 'partials/query.editor.html';
@@ -90,7 +91,7 @@ export class OpenTsQueryCtrl extends QueryCtrl {

  getTextValues(metricFindResult: any) {
    return _.map(metricFindResult, value => {
-      return value.text;
+      return textUtil.escapeHtml(value.text);
    });
  }