Grafana v11.3: HTML sanitization is enabled - does it mean that it is absolutely impossible to create interactive panels?
Is there any way to make clickable buttons that would reveal some additional data or a new panel, if htlm sanitization is on?
Also, if we use Grafana to monitor internal resources, maybe there is no need to be so strict about XSS and what not? I mean there are no 3rd parties that are somehow involved in our monitoring stack.
there are button panels and plugins you can try:
and you can disable the xss protection:
I would say yes. Write own plugin without sanitisation (of course you need Grafana plugin development for that)/use some third party plugins without sanitisation/disable HTML sanitisation/…
It depends on you what you can accept as “secure” standard. I would say insider threats are real. Grafana is trying to be secure by default to be fool proof, but you can sacrifice that default security, just to have “interactive panels”. I wouldn’t do that personally.