    Validate grafana_url setting · b63d4512
    rpereira2 authored
    * Validate the grafana URL setting to ensure it is a valid URL and does
    not contain javascript.
    * Add a rel='noopener noreferrer' attribute to the link on the frontend
    so that when the link is opened in a new tab, it will not be able to
    control the tab from which it was opened.
    * Use the system_hook_validator for grafana_url since it is an admin
    setting.
    * Add migration to remove any javascript URLs from
    application_settings.grafana_url.
    * Add a blocked_message option to addressable_url_validator. The option
    allows a custom error message to be added if the URL is blocked.
    * Add a parse_url method to Gitlab::Util which returns an
    Addressable::URI object.
    * Add changelog entry.
security-grafana-stored-xss.yml 90 Bytes
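
The two defences the commit message describes (rejecting `javascript:` URLs when the setting is saved, and rendering the link with `rel="noopener noreferrer"`) can be sketched as follows. This is an added example, not GitLab's code: it uses Ruby's standard `URI` library rather than Addressable, the names `ALLOWED_SCHEMES`, `url_error` and `external_link` are hypothetical, and accepting only absolute http/https URLs is an assumption.

```ruby
require "uri"
require "erb"

# Assumption: only absolute web URLs are acceptable for this setting.
ALLOWED_SCHEMES = %w[http https].freeze

# Returns nil when the value is acceptable, otherwise an error message.
# blocked_message mirrors the idea of a caller-supplied message for blocked URLs.
def url_error(value, blocked_message: "is blocked")
  uri = URI.parse(value.to_s)
  # Compare the parsed scheme, never a string prefix: "JaVaScRiPt:" must fail too.
  return blocked_message unless ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)
  return "must include a host" if uri.host.to_s.empty?

  nil
rescue URI::InvalidURIError
  # Leading whitespace or control characters land here instead of being trimmed
  # and accepted, so the stored value is exactly what was validated.
  "is not a valid URL"
end

# Renders the link for a new tab. The URL is validated again at render time so a
# value stored before validation existed is not emitted, and rel= stops the
# opened page from reaching back to the opener through window.opener.
def external_link(url, label)
  raise ArgumentError, "unsafe URL" if url_error(url)

  href = ERB::Util.html_escape(url)
  text = ERB::Util.html_escape(label)
  %(<a href="#{href}" target="_blank" rel="noopener noreferrer">#{text}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values.
  ["https://grafana.example.com/d/abc", "javascript:void(0)", "//example.com"].each do |v|
    puts "#{v.inspect} -> #{url_error(v).inspect}"
  end
  puts external_link("https://grafana.example.com/?a=1&b=2", "Metrics")
end
```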