Werk #8854: Dashboard: Static text dashlet only allows limited HTML
| Component | User interface | ||||
| Title | Dashboard: Static text dashlet only allows limited HTML | ||||
| Date | Aug 14, 2019 | ||||
| Level | Trivial Change | ||||
| Class | Security Fix | ||||
| Compatibility | Compatible - no manual interaction needed | ||||
| Checkmk versions & editions |
|
The "static text" dashlet is meant to add some static text information to dashboards. In the past it was possible to add arbitrary HTML code to it, which could be useful e.g. to format the text information.
To prevent injections of arbitrary script the static text dashlet now allows only a limited set of HTML codes. These are: h2, b, tt, i, br, pre, a, sup, p, li, ul and ol.