Branch: refs/heads/1.6.0
Home:
https://github.com/tribe29/checkmk
Commit: 79d07d6f14fde26924315c170a4c360435b4608b
https://github.com/tribe29/checkmk/commit/79d07d6f14fde26924315c170a4c36043…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2019-08-14 (Wed, 14 Aug 2019)
Changed paths:
A .werks/8854
M cmk/gui/plugins/dashboard/static_text.py
Log Message:
-----------
8854 SEC Dashboard: Static text dashlet only allows limited HTML
The "static text" dashlet is meant to add some static text information to
dashboards.
In the past it was possible to add arbitrary HTML code to it, which could be useful
e.g. to format the text information.
To prevent injections of arbitrary script the static text dashlet now allows only a
limited set of HTML codes. These are: h2, b, tt, i, br, pre, a, sup, p, li, ul and ol.
Change-Id: Ifbe2bba49a3f4c796996233ba37919d148a63072