Commit 8f35683c by Torkel Ödegaard

fix(annotations): Fixed issue when html sanitizer fails for title to annotation…

fix(annotations): Fixed issue when html sanitizer fails for title to annotation body, now falls back to html escaping title and text, fixes #2563
parent 30cd782e
...@@ -14,6 +14,7 @@ it allows you to add queries of differnet data source types & instances to the s ...@@ -14,6 +14,7 @@ it allows you to add queries of differnet data source types & instances to the s
- [Issue #2568](https://github.com/grafana/grafana/issues/2568). AuthProxy: Fix for server side rendering of panel when using auth proxy - [Issue #2568](https://github.com/grafana/grafana/issues/2568). AuthProxy: Fix for server side rendering of panel when using auth proxy
- [Issue #2490](https://github.com/grafana/grafana/issues/2490). Graphite: Dashboard import was broken in 2.1 and 2.1.1, working now - [Issue #2490](https://github.com/grafana/grafana/issues/2490). Graphite: Dashboard import was broken in 2.1 and 2.1.1, working now
- [Issue #2565](https://github.com/grafana/grafana/issues/2565). TimePicker: Fix for when you applied custom time range it did not refreh dashboard - [Issue #2565](https://github.com/grafana/grafana/issues/2565). TimePicker: Fix for when you applied custom time range it did not refreh dashboard
- [Issue #2563](https://github.com/grafana/grafana/issues/2563). Annotations: Fixed issue when html sanitizer failes for title to annotation body, now fallbacks to html escaping title and text
**Breaking Changes** **Breaking Changes**
- Notice to makers/users of custom data sources, there is a minor breaking change in 2.2 that - Notice to makers/users of custom data sources, there is a minor breaking change in 2.2 that
......
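Review bot: The added changelog entry for #2563 has two typos, "failes" and "fallbacks"; suggest "fails" and "falls back to" so the release notes read cleanly.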
...@@ -9,17 +9,28 @@ function (angular, $, _) { ...@@ -9,17 +9,28 @@ function (angular, $, _) {
angular angular
.module('grafana.directives') .module('grafana.directives')
.directive('annotationTooltip', function($sanitize, dashboardSrv, $compile) { .directive('annotationTooltip', function($sanitize, dashboardSrv, $compile) {
function sanitizeString(str) {
try {
return $sanitize(str);
}
catch(err) {
console.log('Could not sanitize annotation string, html escaping instead');
return _.escape(str);
}
}
return { return {
link: function (scope, element) { link: function (scope, element) {
var event = scope.event; var event = scope.event;
var title = $sanitize(event.title); var title = sanitizeString(event.title);
var dashboard = dashboardSrv.getCurrent(); var dashboard = dashboardSrv.getCurrent();
var time = '<i>' + dashboard.formatDate(event.min) + '</i>'; var time = '<i>' + dashboard.formatDate(event.min) + '</i>';
var tooltip = '<div class="graph-tooltip small"><div class="graph-tooltip-time">' + title + ' ' + time + '</div> ' ; var tooltip = '<div class="graph-tooltip small"><div class="graph-tooltip-time">' + title + ' ' + time + '</div> ' ;
if (event.text) { if (event.text) {
var text = $sanitize(event.text); var text = sanitizeString(event.text);
tooltip += text.replace(/\n/g, '<br>') + '<br>'; tooltip += text.replace(/\n/g, '<br>') + '<br>';
} }
......
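Review bot: The catch in sanitizeString swallows every exception from $sanitize and logs a fixed string without err, so a failure unrelated to malformed markup cannot be told apart from the case in #2563. Falling back to `_.escape(str)` fails closed, which is the right direction; consider including err in the log call and adding a short comment that the fallback renders the whole string as literal text. Because $compile is injected into this directive, it is also worth confirming how the tooltip string is compiled, since neither $sanitize nor _.escape neutralises Angular `{{ }}` interpolation markers in title or text.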
...@@ -62,7 +62,7 @@ define([ ...@@ -62,7 +62,7 @@ define([
min: options.time, min: options.time,
max: options.time, max: options.time,
eventType: options.annotation.name, eventType: options.annotation.name,
title: options.title, title: 'Torkel <test@asd.com>',// options.title,
tags: options.tags, tags: options.tags,
text: options.text, text: options.text,
score: 1 score: 1
......
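Review bot: The title field is hard-coded to `'Torkel <test@asd.com>'` with `options.title` commented out, which looks like leftover debugging for reproducing the sanitizer failure. As committed, every annotation built here would carry that fixed title instead of the one from the data source. Suggest restoring `title: options.title,` and moving the test string into a unit test for the annotationTooltip directive.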