opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-09-25 08:03:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

Escape values in metric segment and sql part

Browse Source
This commit is contained in:
Sven Klemm
2018-10-15 13:53:37 +02:00
parent 3f6f98a532
commit 3a25a0de83
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
public/app/core/components/sql_part/sql_part_editor.ts
View File

@ -109,12 +109,12 @@ export function sqlPartEditorDirective($compile, templateSrv) {
$scope.$apply(() => { $scope.$apply(() => {
$scope.handleEvent({ $event: { name: 'get-param-options', param: param } }).then(result => { $scope.handleEvent({ $event: { name: 'get-param-options', param: param } }).then(result => {
const dynamicOptions = _.map(result, op => { const dynamicOptions = _.map(result, op => {
return op.value; return _.escape(op.value);
}); });
// add current value to dropdown if it's not in dynamicOptions // add current value to dropdown if it's not in dynamicOptions
if (_.indexOf(dynamicOptions, part.params[paramIndex]) === -1) { if (_.indexOf(dynamicOptions, part.params[paramIndex]) === -1) {
dynamicOptions.unshift(part.params[paramIndex]); dynamicOptions.unshift(_.escape(part.params[paramIndex]));
} }
callback(dynamicOptions); callback(dynamicOptions);
@ -129,6 +129,7 @@ export function sqlPartEditorDirective($compile, templateSrv) {
minLength: 0, minLength: 0,
items: 1000, items: 1000,
updater: value => { updater: value => {
value = _.unescape(value);
if (value === part.params[paramIndex]) { if (value === part.params[paramIndex]) {
clearTimeout(cancelBlur); clearTimeout(cancelBlur);
$input.focus(); $input.focus();

9
public/app/core/directives/metric_segment.ts
View File

@ -56,7 +56,7 @@ export function metricSegment($compile, $sce) {
} }
} else if (segment.custom !== 'false') { } else if (segment.custom !== 'false') {
segment.value = value; segment.value = value;
segment.html = $sce.trustAsHtml(value); segment.html = _.escape(value);
segment.expandable = true; segment.expandable = true;
segment.fake = false; segment.fake = false;
} }
@ -95,7 +95,7 @@ export function metricSegment($compile, $sce) {
// add custom values // add custom values
if (segment.custom !== 'false') { if (segment.custom !== 'false') {
if (!segment.fake && _.indexOf(options, segment.value) === -1) { if (!segment.fake && _.indexOf(options, segment.value) === -1) {
options.unshift(segment.value); options.unshift(_.escape(segment.value));
} }
} }
@ -105,6 +105,7 @@ export function metricSegment($compile, $sce) {
}; };
$scope.updater = value => { $scope.updater = value => {
value = _.unescape(value);
if (value === segment.value) { if (value === segment.value) {
clearTimeout(cancelBlur); clearTimeout(cancelBlur);
$input.focus(); $input.focus();
@ -219,7 +220,7 @@ export function metricSegmentModel(uiSegmentSrv, $q) {
cachedOptions = $scope.options; cachedOptions = $scope.options;
return $q.when( return $q.when(
_.map($scope.options, option => { _.map($scope.options, option => {
return { value: option.text }; return { value: _.escape(option.text) };
}) })
); );
} else { } else {
@ -229,7 +230,7 @@ export function metricSegmentModel(uiSegmentSrv, $q) {
if (option.html) { if (option.html) {
return option; return option;
} }
return { value: option.text }; return { value: _.escape(option.text) };
}); });
}); });
} }