Blame SOURCES/010-CVE-2020-13430.patch

2e6f73
diff --git a/public/app/plugins/datasource/opentsdb/query_ctrl.ts b/public/app/plugins/datasource/opentsdb/query_ctrl.ts
2e6f73
index 8569de2eb0..cbb1790625 100644
2e6f73
--- a/public/app/plugins/datasource/opentsdb/query_ctrl.ts
2e6f73
+++ b/public/app/plugins/datasource/opentsdb/query_ctrl.ts
2e6f73
@@ -2,6 +2,7 @@ import _ from 'lodash';
2e6f73
 import kbn from 'app/core/utils/kbn';
2e6f73
 import { QueryCtrl } from 'app/plugins/sdk';
2e6f73
 import { auto } from 'angular';
2e6f73
+import { escapeHtml } from 'app/core/utils/text';
2e6f73
 
2e6f73
 export class OpenTsQueryCtrl extends QueryCtrl {
2e6f73
   static templateUrl = 'partials/query.editor.html';
2e6f73
@@ -90,7 +91,7 @@ export class OpenTsQueryCtrl extends QueryCtrl {
2e6f73
 
2e6f73
   getTextValues(metricFindResult: any) {
2e6f73
     return _.map(metricFindResult, value => {
2e6f73
-      return value.text;
2e6f73
+      return escapeHtml(value.text);
2e6f73
     });
2e6f73
   }
2e6f73