NewsPanel: Fixed XSS issue when rendering rss links (#27612)

b5886479 · Torkel Ödegaard · GitHub · 58124efd · b5886479
Commit b5886479 authored Sep 16, 2020 by Torkel Ödegaard Committed by GitHub Sep 16, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 1 additions and 1 deletions

public/app/plugins/panel/news/NewsPanel.tsx
+1 -1

No files found.
--- a/public/app/plugins/panel/news/NewsPanel.tsx
+++ b/public/app/plugins/panel/news/NewsPanel.tsx
@@ -77,7 +77,7 @@ export class NewsPanel extends PureComponent<Props, State> {
        {news.map((item, index) => {
          return (
            <div key={index} className={styles.item}>
-              <a href={item.link} target="_blank">
+              <a href={textUtil.sanitizeUrl(item.link)} target="_blank">
                <div className={styles.title}>{item.title}</div>
                <div className={styles.date}>{dateTimeFormat(item.date, { format: 'MMM DD' })} </div>
              </a>