Open amotl opened 5 years ago
@wetterfrosch said about this:
Finally I remember: There was a "sanitize_html"-feature enabled by default in transition to Grafana v6.0.0-beta1, see breaking changes in the changelog.
We have enable the
disable_sanitize_html
option in the[panels]
-section of thegrafana.ini
configuration file or set the environment variable GF_PANELS_DISABLE_SANITIZE_HTML=true. Beware: This allows some vectors for cross-site-scripting-attacks.
[panels]
# If set to true Grafana will allow script tags in text panels. Not recommended as it enable XSS vulnerabilities.
disable_sanitize_html = true
This is just a reminder in order to properly document the
GF_PANELS_DISABLE_SANITIZE_HTML=true
setting.You will find more details at https://source.irceline.be/corona-eu/luftdatenpumpe/issues/10.