From af43073c832f130cc50e8c1c06e1031a8e881402 Mon Sep 17 00:00:00 2001 From: nmarrs Date: Fri, 3 Feb 2023 16:34:25 -0800 Subject: [PATCH 1/3] Add potential fix --- package.json | 1 + src/worldmap_ctrl.ts | 27 +++++++++++++++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/package.json b/package.json index d5cc8fe..d6963ce 100644 --- a/package.json +++ b/package.json @@ -46,6 +46,7 @@ "webpack-cli": "^3.1.2" }, "dependencies": { + "@braintree/sanitize-url": "6.0.1", "lodash": "^4.17.11", "package.json": "^2.0.1" } diff --git a/src/worldmap_ctrl.ts b/src/worldmap_ctrl.ts index 4aa746c..20e3de2 100644 --- a/src/worldmap_ctrl.ts +++ b/src/worldmap_ctrl.ts @@ -1,6 +1,7 @@ import { MetricsPanelCtrl } from "grafana/app/plugins/sdk"; import TimeSeries from "grafana/app/core/time_series2"; -import appEvents from 'grafana/app/core/app_events'; +import appEvents from "grafana/app/core/app_events"; +import { sanitizeUrl } from "@braintree/sanitize-url"; import * as _ from "lodash"; import DataFormatter from "./data_formatter"; @@ -23,7 +24,7 @@ const panelDefaults = { colors: [ "rgba(245, 54, 54, 0.9)", "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" + "rgba(50, 172, 45, 0.97)", ], unitSingle: "", unitPlural: "", @@ -39,8 +40,8 @@ const panelDefaults = { geohashField: "geohash", latitudeField: "latitude", longitudeField: "longitude", - metricField: "metric" - } + metricField: "metric", + }, }; const mapCenters = { @@ -49,7 +50,7 @@ const mapCenters = { Europe: { mapCenterLatitude: 46, mapCenterLongitude: 14 }, "West Asia": { mapCenterLatitude: 26, mapCenterLongitude: 53 }, "SE Asia": { mapCenterLatitude: 10, mapCenterLongitude: 106 }, - "Last GeoHash": { mapCenterLatitude: 0, mapCenterLongitude: 0 } + "Last GeoHash": { mapCenterLatitude: 0, mapCenterLongitude: 0 }, }; export default class WorldmapCtrl extends MetricsPanelCtrl { @@ -111,23 +112,25 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { return; } + this.panel.jsonpUrl = sanitizeUrl(this.panel.jsonpUrl); + $.ajax({ type: "GET", url: this.panel.jsonpUrl + "?callback=?", contentType: "application/json", jsonpCallback: this.panel.jsonpCallback, dataType: "jsonp", - success: res => { + success: (res) => { this.locations = res; this.render(); - } + }, }); } else if (this.panel.locationData === "json endpoint") { if (!this.panel.jsonUrl) { return; } - $.getJSON(this.panel.jsonUrl).then(res => { + $.getJSON(this.panel.jsonUrl).then((res) => { this.locations = res; this.render(); }); @@ -212,7 +215,7 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { this.render(); } } catch (err) { - appEvents.emit('alert-error', ['Data error', err.toString()]) + appEvents.emit("alert-error", ["Data error", err.toString()]); } } @@ -231,7 +234,7 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { seriesHandler(seriesData) { const series = new TimeSeries({ datapoints: seriesData.datapoints, - alias: seriesData.target + alias: seriesData.target, }); series.flotpairs = series.getFlotPairs(this.panel.nullPointMode); @@ -277,7 +280,7 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { } updateThresholdData() { - this.data.thresholds = this.panel.thresholds.split(",").map(strValue => { + this.data.thresholds = this.panel.thresholds.split(",").map((strValue) => { return Number(strValue.trim()); }); while (_.size(this.panel.colors) > _.size(this.data.thresholds) + 1) { @@ -307,7 +310,7 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { ctrl.renderingCompleted(); }); - function render() { + function render() { if (!ctrl.data) { return; } From bfcb535413d695cad8c4dbdf3eacccf30cd1e26a Mon Sep 17 00:00:00 2001 From: nmarrs Date: Fri, 3 Feb 2023 16:56:43 -0800 Subject: [PATCH 2/3] Add additional sanitize calls to other user provided endpoints --- src/worldmap_ctrl.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/worldmap_ctrl.ts b/src/worldmap_ctrl.ts index 20e3de2..0e59e01 100644 --- a/src/worldmap_ctrl.ts +++ b/src/worldmap_ctrl.ts @@ -113,6 +113,7 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { } this.panel.jsonpUrl = sanitizeUrl(this.panel.jsonpUrl); + this.panel.jsonpCallback = sanitizeUrl(this.panel.jsonpCallback); $.ajax({ type: "GET", @@ -130,6 +131,8 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { return; } + this.panel.jsonUrl = sanitizeUrl(this.panel.jsonUrl); + $.getJSON(this.panel.jsonUrl).then((res) => { this.locations = res; this.render(); From 277d4932f7516bcbf0bcac5831573c3af26f5539 Mon Sep 17 00:00:00 2001 From: nmarrs Date: Fri, 3 Feb 2023 17:08:41 -0800 Subject: [PATCH 3/3] Update to use util function from @grafana/data package instead --- package.json | 1 - src/worldmap_ctrl.ts | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/package.json b/package.json index d6963ce..d5cc8fe 100644 --- a/package.json +++ b/package.json @@ -46,7 +46,6 @@ "webpack-cli": "^3.1.2" }, "dependencies": { - "@braintree/sanitize-url": "6.0.1", "lodash": "^4.17.11", "package.json": "^2.0.1" } diff --git a/src/worldmap_ctrl.ts b/src/worldmap_ctrl.ts index 0e59e01..ba10fc3 100644 --- a/src/worldmap_ctrl.ts +++ b/src/worldmap_ctrl.ts @@ -1,7 +1,7 @@ import { MetricsPanelCtrl } from "grafana/app/plugins/sdk"; import TimeSeries from "grafana/app/core/time_series2"; import appEvents from "grafana/app/core/app_events"; -import { sanitizeUrl } from "@braintree/sanitize-url"; +import { textUtil } from "@grafana/data"; import * as _ from "lodash"; import DataFormatter from "./data_formatter"; @@ -112,8 +112,8 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { return; } - this.panel.jsonpUrl = sanitizeUrl(this.panel.jsonpUrl); - this.panel.jsonpCallback = sanitizeUrl(this.panel.jsonpCallback); + this.panel.jsonpUrl = textUtil.sanitizeUrl(this.panel.jsonpUrl); + this.panel.jsonpCallback = textUtil.sanitizeUrl(this.panel.jsonpCallback); $.ajax({ type: "GET", @@ -131,7 +131,7 @@ export default class WorldmapCtrl extends MetricsPanelCtrl { return; } - this.panel.jsonUrl = sanitizeUrl(this.panel.jsonUrl); + this.panel.jsonUrl = textUtil.sanitizeUrl(this.panel.jsonUrl); $.getJSON(this.panel.jsonUrl).then((res) => { this.locations = res;