Overview

File 0001-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch of Package grafana

From 90aa1bb1b86a0277a5f4b21714e21c55f6b6ae4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torkel=20=C3=96degaard?= <torkel@grafana.com>
Date: Thu, 23 Apr 2020 11:35:43 +0200
Subject: [PATCH] Security: Fix annotation popup XSS vulnerability (#23813)

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
(cherry picked from commit 3955e8cbad3dac9f891cfcd462341e766d6cc5ba)
---
 public/app/features/annotations/annotation_tooltip.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/app/features/annotations/annotation_tooltip.ts b/public/app/features/annotations/annotation_tooltip.ts
index 7c7f17c4f9e7..7af082781836 100644
--- a/public/app/features/annotations/annotation_tooltip.ts
+++ b/public/app/features/annotations/annotation_tooltip.ts
@@ -67,7 +67,7 @@ export function annotationTooltipDirective(
       tooltip += '<div class="graph-annotation__body">';
 
       if (text) {
-        tooltip += '<div>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>';
+        tooltip += '<div ng-non-bindable>' + sanitizeString(text.replace(/\n/g, '<br>')) + '</div>';
       }
 
       const tags = event.tags;
openSUSE Build Service is sponsored by
Places