Commit 3a25a0de by Sven Klemm

Escape values in metric segment and sql part

parent 3f6f98a5
...@@ -109,12 +109,12 @@ export function sqlPartEditorDirective($compile, templateSrv) { ...@@ -109,12 +109,12 @@ export function sqlPartEditorDirective($compile, templateSrv) {
$scope.$apply(() => { $scope.$apply(() => {
$scope.handleEvent({ $event: { name: 'get-param-options', param: param } }).then(result => { $scope.handleEvent({ $event: { name: 'get-param-options', param: param } }).then(result => {
const dynamicOptions = _.map(result, op => { const dynamicOptions = _.map(result, op => {
return op.value; return _.escape(op.value);
}); });
// add current value to dropdown if it's not in dynamicOptions // add current value to dropdown if it's not in dynamicOptions
if (_.indexOf(dynamicOptions, part.params[paramIndex]) === -1) { if (_.indexOf(dynamicOptions, part.params[paramIndex]) === -1) {
dynamicOptions.unshift(part.params[paramIndex]); dynamicOptions.unshift(_.escape(part.params[paramIndex]));
} }
callback(dynamicOptions); callback(dynamicOptions);
...@@ -129,6 +129,7 @@ export function sqlPartEditorDirective($compile, templateSrv) { ...@@ -129,6 +129,7 @@ export function sqlPartEditorDirective($compile, templateSrv) {
minLength: 0, minLength: 0,
items: 1000, items: 1000,
updater: value => { updater: value => {
value = _.unescape(value);
if (value === part.params[paramIndex]) { if (value === part.params[paramIndex]) {
clearTimeout(cancelBlur); clearTimeout(cancelBlur);
$input.focus(); $input.focus();
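Review bot: The membership check `_.indexOf(dynamicOptions, part.params[paramIndex]) === -1` compares the raw current value against options that were just passed through `_.escape`, so a current value containing `&`, `<`, `>`, `"` or `'` never matches and is added a second time. Escape once and reuse it: `const current = _.escape(part.params[paramIndex]);` then `if (_.indexOf(dynamicOptions, current) === -1) { dynamicOptions.unshift(current); }`. The `_.unescape(value)` added in `updater` is only correct while every value reaching it was escaped in this callback, so a comment there such as `// options are HTML-escaped for the typeahead; restore the raw value before comparing/storing` would keep the pairing from being broken later. The directive body starts and ends outside both hunks, so other paths into `updater` could not be checked.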
......
...@@ -56,7 +56,7 @@ export function metricSegment($compile, $sce) { ...@@ -56,7 +56,7 @@ export function metricSegment($compile, $sce) {
} }
} else if (segment.custom !== 'false') { } else if (segment.custom !== 'false') {
segment.value = value; segment.value = value;
segment.html = $sce.trustAsHtml(value); segment.html = _.escape(value);
segment.expandable = true; segment.expandable = true;
segment.fake = false; segment.fake = false;
} }
...@@ -95,7 +95,7 @@ export function metricSegment($compile, $sce) { ...@@ -95,7 +95,7 @@ export function metricSegment($compile, $sce) {
// add custom values // add custom values
if (segment.custom !== 'false') { if (segment.custom !== 'false') {
if (!segment.fake && _.indexOf(options, segment.value) === -1) { if (!segment.fake && _.indexOf(options, segment.value) === -1) {
options.unshift(segment.value); options.unshift(_.escape(segment.value));
} }
} }
...@@ -105,6 +105,7 @@ export function metricSegment($compile, $sce) { ...@@ -105,6 +105,7 @@ export function metricSegment($compile, $sce) {
}; };
$scope.updater = value => { $scope.updater = value => {
value = _.unescape(value);
if (value === segment.value) { if (value === segment.value) {
clearTimeout(cancelBlur); clearTimeout(cancelBlur);
$input.focus(); $input.focus();
...@@ -219,7 +220,7 @@ export function metricSegmentModel(uiSegmentSrv, $q) { ...@@ -219,7 +220,7 @@ export function metricSegmentModel(uiSegmentSrv, $q) {
cachedOptions = $scope.options; cachedOptions = $scope.options;
return $q.when( return $q.when(
_.map($scope.options, option => { _.map($scope.options, option => {
return { value: option.text }; return { value: _.escape(option.text) };
}) })
); );
} else { } else {
...@@ -229,7 +230,7 @@ export function metricSegmentModel(uiSegmentSrv, $q) { ...@@ -229,7 +230,7 @@ export function metricSegmentModel(uiSegmentSrv, $q) {
if (option.html) { if (option.html) {
return option; return option;
} }
return { value: option.text }; return { value: _.escape(option.text) };
}); });
}); });
} }
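Review bot: In `metricSegmentModel` the `if (option.html) { return option; }` branch still returns the option unescaped, while `$scope.updater` in `metricSegment` now runs `_.unescape` on every selected value. Whether that branch's `value` is rendered as markup is not visible in these hunks, but a value from it that contains an entity such as `&amp;` would be altered by the unescape. Either escape `value` in that branch as well, or add a comment stating that `option.html` is trusted, pre-sanitised markup and who guarantees that. The check `_.indexOf(options, segment.value) === -1` has the same raw-versus-escaped mismatch if `options` holds the escaped values; comparing against `_.escape(segment.value)` would avoid a duplicate entry for values containing `&`, `<`, `>`, `"` or `'`.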
......