grafana/SOURCES/010-CVE-2020-13430.patch

diff --git a/public/app/plugins/datasource/opentsdb/query_ctrl.ts b/public/app/plugins/datasource/opentsdb/query_ctrl.ts
index 8569de2eb0..cbb1790625 100644
--- a/public/app/plugins/datasource/opentsdb/query_ctrl.ts
+++ b/public/app/plugins/datasource/opentsdb/query_ctrl.ts
@@ -2,6 +2,7 @@ import _ from 'lodash';
 import kbn from 'app/core/utils/kbn';
 import { QueryCtrl } from 'app/plugins/sdk';
 import { auto } from 'angular';
+import { escapeHtml } from 'app/core/utils/text';
 
 export class OpenTsQueryCtrl extends QueryCtrl {
   static templateUrl = 'partials/query.editor.html';
@@ -90,7 +91,7 @@ export class OpenTsQueryCtrl extends QueryCtrl {
 
   getTextValues(metricFindResult: any) {
     return _.map(metricFindResult, value => {
-      return value.text;
+      return escapeHtml(value.text);
     });
   }