Based on Kibana configuration https://www.elastic.co/guide/en/kibana/current/settings.html it is possible to configure custom base maps for coordinate maps. This can be done, by setting the parameter "map.tilemap.url" in kibana.yml. Depending on the provider's terms of service an attribution text has to be provided via "map.tilemap.options.attribution". As mentioned in the configuration, the value of the attribution parameter can/shall be in a MarkDownIt format, in order to be able to generate a hyperlink.
The problem is, kibana escapes the HTML code generated by MarkDownIt and additionally surrounds it with a
tag. This causes the attribution text is displayed wrong, instead of a hyperlink the HTML representation of it is displayed.
The problem is in the file mapsLegacy.plugin.js
var attributionFromConfig=_lodash.default.escape(markdownIt.render(this.tilemapsConfig.deprecated.config.options.attribution||""));
IMHO the escape() function may not be used for escaping of a parameter value, because this value was set by an system administrator and not by a standard user.
Based on Kibana configuration https://www.elastic.co/guide/en/kibana/current/settings.html it is possible to configure custom base maps for coordinate maps. This can be done, by setting the parameter "map.tilemap.url" in kibana.yml. Depending on the provider's terms of service an attribution text has to be provided via "map.tilemap.options.attribution". As mentioned in the configuration, the value of the attribution parameter can/shall be in a MarkDownIt format, in order to be able to generate a hyperlink.
The problem is, kibana escapes the HTML code generated by MarkDownIt and additionally surrounds it with a
tag. This causes the attribution text is displayed wrong, instead of a hyperlink the HTML representation of it is displayed. The problem is in the file
mapsLegacy.plugin.js
IMHO the escape() function may not be used for escaping of a parameter value, because this value was set by an system administrator and not by a standard user.
It would be nice to fix this issue.