Security: Fix annotation popup XSS vulnerability (#23813)

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

Security: Fix annotation popup XSS vulnerability (#23813)
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
3955e8cb · Torkel Ödegaard · GitHub · 645dc944 · 3955e8cb
Commit 3955e8cb authored Apr 23, 2020 by Torkel Ödegaard Committed by GitHub Apr 23, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

public/app/features/annotations/annotation_tooltip.ts
+1 -1

No files found.
--- a/public/app/features/annotations/annotation_tooltip.ts
+++ b/public/app/features/annotations/annotation_tooltip.ts
@@ -72,7 +72,7 @@ export function annotationTooltipDirective(
      tooltip += '<div class="graph-annotation__body">';

      if (text) {
-        tooltip += '<div>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>';
+        tooltip += '<div ng-non-bindable>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>';
      }

      const tags = event.tags;