
fix(annotations): Fixed issue when html sanitizer failes for title to annotation body, now fallbacks to html escaping title and text, fixes #2563

Torkel Ödegaard 10 лет назад
Сommit
8f35683ccb

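--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ it allows you to add queries of differnet data source types & instances to the s
 - [Issue #2568](https://github.com/grafana/grafana/issues/2568). AuthProxy: Fix for server side rendering of panel when using auth proxy
 - [Issue #2490](https://github.com/grafana/grafana/issues/2490). Graphite: Dashboard import was broken in 2.1 and 2.1.1, working now
 - [Issue #2565](https://github.com/grafana/grafana/issues/2565). TimePicker: Fix for when you applied custom time range it did not refreh dashboard
+- [Issue #2563](https://github.com/grafana/grafana/issues/2563). Annotations: Fixed issue when html sanitizer failes for title to annotation body, now fallbacks to html escaping title and text
 
 **Breaking Changes**
 - Notice to makers/users of custom data sources, there is a minor breaking change in 2.2 that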

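--- a/public/app/directives/annotationTooltip.js
+++ b/public/app/directives/annotationTooltip.js
@@ -9,17 +9,28 @@ function (angular, $, _) {
   angular
   .module('grafana.directives')
   .directive('annotationTooltip', function($sanitize, dashboardSrv, $compile) {
+
+    function sanitizeString(str) {
+      try {
+        return $sanitize(str);
+      }
+      catch(err) {
+        console.log('Could not sanitize annotation string, html escaping instead');
+        return _.escape(str);
+      }
+    }
+
     return {
       link: function (scope, element) {
         var event = scope.event;
-        var title = $sanitize(event.title);
+        var title = sanitizeString(event.title);
         var dashboard = dashboardSrv.getCurrent();
         var time = '<i>' + dashboard.formatDate(event.min) + '</i>';
 
         var tooltip = '<div class="graph-tooltip small"><div class="graph-tooltip-time">' + title + ' ' + time + '</div> ' ;
 
         if (event.text) {
-          var text = $sanitize(event.text);
+          var text = sanitizeString(event.text);
           tooltip += text.replace(/\n/g, '<br>') + '<br>';
         }
 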
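Review bot: The sanitized `title` and `text` are still concatenated into markup inside a directive that injects `$compile`; if the assembled tooltip is compiled against the scope further down in `link` (that part is outside this hunk), AngularJS interpolation markers in an annotation title or body would still be evaluated, since neither `$sanitize` nor `_.escape` alters them. Wrapping the user-supplied parts, e.g. `'<span ng-non-bindable>' + title + '</span>'`, would keep them inert while the rest of the tooltip can still be compiled. Separately, the `catch` in `sanitizeString` discards `err`; `console.log('Could not sanitize annotation string, html escaping instead', err);` would make the failing input diagnosable.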

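--- a/public/app/features/annotations/annotationsSrv.js
+++ b/public/app/features/annotations/annotationsSrv.js
@@ -62,7 +62,7 @@ define([
         min: options.time,
         max: options.time,
         eventType: options.annotation.name,
-        title: options.title,
+        title: 'Torkel <test@asd.com>',//  options.title,
         tags: options.tags,
         text: options.text,
         score: 1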
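Review bot: The new `title: 'Torkel <test@asd.com>',//  options.title,` line looks like a leftover test fixture: every annotation event built here now carries this literal title and the caller's `options.title` is ignored. It presumably served to reproduce the sanitizer failure from #2563, and should be restored to `title: options.title,` before this is merged. The enclosing function starts and ends outside the hunk.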