Can I embed HTML code in Kibana?


(Helix) #1

Hello,

I found a Blog Post describing how to embed HTML code in Kibana Version 4 here. Is this still possible in Kibana 5 or is there a different way to do it now?

Thank you in advance!


(Tim Roes) #2

Hi Helix,

thanks for your question. Actually it is still not possible without modifying source code (mainly for security reasons).

Also the source code you would have do modify looks a little bit different now. For version 5.5.0 you can find the relevant source code file at markdown_vis_controller on GitHub

What would you need to change?

  1. Change in line 7, the sanitize: true to sanitize: false.
  2. Add in line 12 $sce to the function parameters (to get the $sce service of Angular (responsible for securing HTML) injected into the controller)
  3. Modify line 15 to use the serice as follows: $scope.html = $sce.trustAsHtml(marked(html));

Be aware that this introduces a high security vulnerability to your Kibana! Anyone can now save visualizations that can contain script tags and execute JavaScript in the browser of other users.

If you just want to add some "safe" HTML tags (like a, span, b, etc.) just make modification 1 from the list above and skip 2 and 3. That way Angular will still sanitize your input.

Also be aware that making modifications to Kibana might cause you quite some work, when upgrading your versions, i.e. if you look at the mentioned file on GitHub you can see, that it already changed since version 5.5.0, so you would need to repeat your modifications for the next versions.

Cheers,
Tim


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.