Fix xss vulnerability in scripted fields

Fixes #5788
2025-04-24 01:38:56 -04:00 · 2015-12-15 09:47:19 -07:00 · 2015-12-15 09:47:19 -07:00 · 3f7be610f9
commit 3f7be610f9
parent 35c9e2b1bb
1 changed files with 2 additions and 2 deletions
--- a/src/plugins/kibana/public/settings/sections/indices/_scripted_fields.js
+++ b/src/plugins/kibana/public/settings/sections/indices/_scripted_fields.js
@ -44,8 +44,8 @@ define(function (require) {
            rowScopes.push(rowScope);

            return [
-              field.name,
-              field.script,
+              _.escape(field.name),
+              _.escape(field.script),
              _.get($scope.indexPattern, ['fieldFormatMap', field.name, 'type', 'title']),
              {
                markup: controlsHtml,