Commit 3955e8cb by Torkel Ödegaard Committed by GitHub

Security: Fix annotation popup XSS vulnerability (#23813)

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
parent 645dc944
...@@ -72,7 +72,7 @@ export function annotationTooltipDirective( ...@@ -72,7 +72,7 @@ export function annotationTooltipDirective(
tooltip += '<div class="graph-annotation__body">'; tooltip += '<div class="graph-annotation__body">';
if (text) { if (text) {
tooltip += '<div>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>'; tooltip += '<div ng-non-bindable>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>';
} }
const tags = event.tags; const tags = event.tags;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment