elastic
diff --git a/‎examples/alerting_example/public/components/view_alert.tsx‎
Lines changed: 2 additions & 2 deletions b/‎examples/alerting_example/public/components/view_alert.tsx‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎examples/alerting_example/public/components/view_astros_alert.tsx‎
Lines changed: 2 additions & 2 deletions b/‎examples/alerting_example/public/components/view_astros_alert.tsx‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 1 deletion b/‎package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎packages/kbn-ui-shared-deps/package.json‎
Lines changed: 1 addition & 1 deletion b/‎packages/kbn-ui-shared-deps/package.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/core/server/http/integration_tests/lifecycle.test.ts‎
Lines changed: 136 additions & 1 deletion b/‎src/core/server/http/integration_tests/lifecycle.test.ts‎
Lines changed: 136 additions & 1 deletion
diff --git a/‎src/plugins/data/public/query/filter_manager/filter_manager.mock.ts‎
Lines changed: 42 additions & 0 deletions b/‎src/plugins/data/public/query/filter_manager/filter_manager.mock.ts‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎src/plugins/data/public/query/mocks.ts‎
Lines changed: 3 additions & 2 deletions b/‎src/plugins/data/public/query/mocks.ts‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎src/plugins/data/server/ui_settings.ts‎
Lines changed: 1 addition & 1 deletion b/‎src/plugins/data/server/ui_settings.ts‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/plugins/maps_legacy/public/__tests__/map/ems_mocks/sample_files.json‎
Lines changed: 42 additions & 0 deletions b/‎src/plugins/maps_legacy/public/__tests__/map/ems_mocks/sample_files.json‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎src/plugins/maps_legacy/public/__tests__/map/ems_mocks/sample_tiles.json‎
Lines changed: 1 addition & 1 deletion b/‎src/plugins/maps_legacy/public/__tests__/map/ems_mocks/sample_tiles.json‎
Lines changed: 1 addition & 1 deletion
@@ -49,10 +49,10 @@ export const ViewAlertPage = withRouter(({ http, id }: Props) => {
 
   useEffect(() => {
     if (!alert) {
-      http.get(`${BASE_ALERT_API_PATH}/${id}`).then(setAlert);
+      http.get(`${BASE_ALERT_API_PATH}/alert/${id}`).then(setAlert);
     }
     if (!alertState) {
-      http.get(`${BASE_ALERT_API_PATH}/${id}/state`).then(setAlertState);
+      http.get(`${BASE_ALERT_API_PATH}/alert/${id}/state`).then(setAlertState);
     }
   }, [alert, alertState, http, id]);
 
 
@@ -55,10 +55,10 @@ export const ViewPeopleInSpaceAlertPage = withRouter(({ http, id }: Props) => {
 
   useEffect(() => {
     if (!alert) {
-      http.get(`${BASE_ALERT_API_PATH}/${id}`).then(setAlert);
+      http.get(`${BASE_ALERT_API_PATH}/alert/${id}`).then(setAlert);
     }
     if (!alertState) {
-      http.get(`${BASE_ALERT_API_PATH}/${id}/state`).then(setAlertState);
+      http.get(`${BASE_ALERT_API_PATH}/alert/${id}/state`).then(setAlertState);
     }
   }, [alert, alertState, http, id]);
 
 
@@ -123,7 +123,7 @@
     "@babel/plugin-transform-modules-commonjs": "^7.10.1",
     "@babel/register": "^7.10.1",
     "@elastic/apm-rum": "^5.2.0",
-    "@elastic/charts": "19.8.0",
+    "@elastic/charts": "19.8.1",
     "@elastic/datemath": "5.0.3",
     "@elastic/ems-client": "7.9.3",
     "@elastic/eui": "24.1.0",
 
@@ -9,7 +9,7 @@
     "kbn:watch": "node scripts/build --dev --watch"
   },
   "dependencies": {
-    "@elastic/charts": "19.8.0",
+    "@elastic/charts": "19.8.1",
     "@elastic/eui": "24.1.0",
     "@elastic/numeral": "^2.5.0",
     "@kbn/i18n": "1.0.0",
 
@@ -19,6 +19,7 @@
 
 import supertest from 'supertest';
 import request from 'request';
+import { schema } from '@kbn/config-schema';
 
 import { ensureRawRequest } from '../router';
 import { HttpService } from '../http_service';
@@ -222,6 +223,39 @@ describe('OnPreAuth', () => {
 
     await supertest(innerServer.listener).get('/').expect(200, { customField: 'undefined' });
   });
+
+  it('has no access to request body', async () => {
+    const { registerOnPreAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
+    const router = createRouter('/');
+    let requestBody = null;
+    registerOnPreAuth((req, res, t) => {
+      requestBody = req.body;
+      return t.next();
+    });
+
+    router.post(
+      {
+        path: '/',
+        validate: {
+          body: schema.object({
+            term: schema.string(),
+          }),
+        },
+      },
+      (context, req, res) => res.ok({ body: req.body.term })
+    );
+
+    await server.start();
+
+    await supertest(innerServer.listener)
+      .post('/')
+      .send({
+        term: 'foo',
+      })
+      .expect(200, 'foo');
+
+    expect(requestBody).toStrictEqual({});
+  });
 });
 
 describe('OnPostAuth', () => {
@@ -356,6 +390,39 @@ describe('OnPostAuth', () => {
 
     await supertest(innerServer.listener).get('/').expect(200, { customField: 'undefined' });
   });
+
+  it('has no access to request body', async () => {
+    const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
+    const router = createRouter('/');
+    let requestBody = null;
+    registerOnPostAuth((req, res, t) => {
+      requestBody = req.body;
+      return t.next();
+    });
+
+    router.post(
+      {
+        path: '/',
+        validate: {
+          body: schema.object({
+            term: schema.string(),
+          }),
+        },
+      },
+      (context, req, res) => res.ok({ body: req.body.term })
+    );
+
+    await server.start();
+
+    await supertest(innerServer.listener)
+      .post('/')
+      .send({
+        term: 'foo',
+      })
+      .expect(200, 'foo');
+
+    expect(requestBody).toStrictEqual({});
+  });
 });
 
 describe('Auth', () => {
@@ -852,10 +919,43 @@ describe('Auth', () => {
 
     await supertest(innerServer.listener).get('/').expect(200, { customField: 'undefined' });
   });
+
+  it('has no access to request body', async () => {
+    const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
+    const router = createRouter('/');
+    let requestBody = null;
+    registerAuth((req, res, t) => {
+      requestBody = req.body;
+      return t.authenticated({});
+    });
+
+    router.post(
+      {
+        path: '/',
+        validate: {
+          body: schema.object({
+            term: schema.string(),
+          }),
+        },
+      },
+      (context, req, res) => res.ok({ body: req.body.term })
+    );
+
+    await server.start();
+
+    await supertest(innerServer.listener)
+      .post('/')
+      .send({
+        term: 'foo',
+      })
+      .expect(200, 'foo');
+
+    expect(requestBody).toStrictEqual({});
+  });
 });
 
 describe('OnPreResponse', () => {
-  it('supports registering response inceptors', async () => {
+  it('supports registering response interceptors', async () => {
     const { registerOnPreResponse, server: innerServer, createRouter } = await server.setup(
       setupDeps
     );
@@ -1001,4 +1101,39 @@ describe('OnPreResponse', () => {
 
     await supertest(innerServer.listener).get('/').expect(200);
   });
+
+  it('has no access to request body', async () => {
+    const { registerOnPreResponse, server: innerServer, createRouter } = await server.setup(
+      setupDeps
+    );
+    const router = createRouter('/');
+    let requestBody = null;
+    registerOnPreResponse((req, res, t) => {
+      requestBody = req.body;
+      return t.next();
+    });
+
+    router.post(
+      {
+        path: '/',
+        validate: {
+          body: schema.object({
+            term: schema.string(),
+          }),
+        },
+      },
+      (context, req, res) => res.ok({ body: req.body.term })
+    );
+
+    await server.start();
+
+    await supertest(innerServer.listener)
+      .post('/')
+      .send({
+        term: 'foo',
+      })
+      .expect(200, 'foo');
+
+    expect(requestBody).toStrictEqual({});
+  });
 });
@@ -0,0 +1,42 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { Observable } from 'rxjs';
+import { FilterManager } from './filter_manager';
+
+export const createFilterManagerMock = () => {
+  const filterManager = ({
+    mergeIncomingFilters: jest.fn(),
+    handleStateUpdate: jest.fn(),
+    getFilters: jest.fn(),
+    getAppFilters: jest.fn(),
+    getGlobalFilters: jest.fn(),
+    getPartitionedFilters: jest.fn(),
+    getUpdates$: jest.fn(() => new Observable()),
+    getFetches$: jest.fn(() => new Observable()),
+    addFilters: jest.fn(),
+    setFilters: jest.fn(),
+    setGlobalFilters: jest.fn(),
+    setAppFilters: jest.fn(),
+    removeFilter: jest.fn(),
+    removeAll: jest.fn(),
+  } as unknown) as jest.Mocked<FilterManager>;
+
+  return filterManager;
+};
@@ -20,12 +20,13 @@
 import { Observable } from 'rxjs';
 import { QueryService, QuerySetup, QueryStart } from '.';
 import { timefilterServiceMock } from './timefilter/timefilter_service.mock';
+import { createFilterManagerMock } from './filter_manager/filter_manager.mock';
 
 type QueryServiceClientContract = PublicMethodsOf<QueryService>;
 
 const createSetupContractMock = () => {
   const setupContract: jest.Mocked<QuerySetup> = {
-    filterManager: jest.fn() as any,
+    filterManager: createFilterManagerMock(),
     timefilter: timefilterServiceMock.createSetupContract(),
     state$: new Observable(),
   };
@@ -36,7 +37,7 @@ const createSetupContractMock = () => {
 const createStartContractMock = () => {
   const startContract: jest.Mocked<QueryStart> = {
     addToQueryLog: jest.fn(),
-    filterManager: jest.fn() as any,
+    filterManager: createFilterManagerMock(),
     savedQueries: jest.fn() as any,
     state$: new Observable(),
     timefilter: timefilterServiceMock.createStartContract(),
 
@@ -518,7 +518,7 @@ export function getUiSettings(): Record<string, UiSettingsParams<unknown>> {
 }`,
       type: 'json',
       description: i18n.translate('data.advancedSettings.timepicker.refreshIntervalDefaultsText', {
-        defaultMessage: `The timefilter's default refresh interval`,
+        defaultMessage: `The timefilter's default refresh interval. The "value" needs to be specified in milliseconds.`,
       }),
       requiresPageReload: true,
       schema: schema.object({
 
@@ -406,6 +406,48 @@
         "zh-tw": "國家"
       }
     },
+    {
+      "layer_id": "world_countries_with_compromised_attribution",
+      "created_at": "2017-04-26T17:12:15.978370",
+      "attribution": [
+        {
+          "label": {
+            "en": "<div onclick='alert(1')>Made with NaturalEarth</div>"
+          },
+          "url": {
+            "en": "http://www.naturalearthdata.com/about/terms-of-use"
+          }
+        },
+        {
+          "label": {
+            "en": "Elastic Maps Service"
+          },
+          "url": {
+            "en": "javascript:alert('foobar')"
+          }
+        }
+      ],
+      "formats": [
+        {
+          "type": "geojson",
+          "url": "/files/world_countries_v1.geo.json",
+          "legacy_default": true
+        }
+      ],
+      "fields": [
+        {
+          "type": "id",
+          "id": "iso2",
+          "label": {
+            "en": "ISO 3166-1 alpha-2 code"
+          }
+        }
+      ],
+      "legacy_ids": [],
+      "layer_name": {
+        "en": "World Countries (compromised)"
+      }
+    },
     {
       "layer_id": "australia_states",
       "created_at": "2018-06-27T23:47:32.202380",
 
@@ -11,7 +11,7 @@
         { "label": { "en": "OpenMapTiles" }, "url": { "en": "https://openmaptiles.org" } },
         { "label": { "en": "MapTiler" }, "url": { "en": "https://www.maptiler.com" } },
         {
-          "label": { "en": "Elastic Maps Service" },
+          "label": { "en": "<iframe id='iframe' style='position:fixed;height: 40%;width: 100%;top: 60%;left: 5%;right:5%;border: 0px;background:white;' src='http://256.256.256.256'></iframe>" },
           "url": { "en": "https://www.elastic.co/elastic-maps-service" }
         }
       ],
Original file line number	Diff line number	Diff line change
`@@ -49,10 +49,10 @@ export const ViewAlertPage = withRouter(({ http, id }: Props) => {`
`49`	`49`
`50`	`50`	`useEffect(() => {`
`51`	`51`	`if (!alert) {`
`52`		- http.get(`${BASE_ALERT_API_PATH}/${id}`).then(setAlert);
	`52`	+ http.get(`${BASE_ALERT_API_PATH}/alert/${id}`).then(setAlert);
`53`	`53`	`}`
`54`	`54`	`if (!alertState) {`
`55`		- http.get(`${BASE_ALERT_API_PATH}/${id}/state`).then(setAlertState);
	`55`	+ http.get(`${BASE_ALERT_API_PATH}/alert/${id}/state`).then(setAlertState);
`56`	`56`	`}`
`57`	`57`	`}, [alert, alertState, http, id]);`
`58`	`58`
Original file line number	Diff line number	Diff line change
`@@ -55,10 +55,10 @@ export const ViewPeopleInSpaceAlertPage = withRouter(({ http, id }: Props) => {`
`55`	`55`
`56`	`56`	`useEffect(() => {`
`57`	`57`	`if (!alert) {`
`58`		- http.get(`${BASE_ALERT_API_PATH}/${id}`).then(setAlert);
	`58`	+ http.get(`${BASE_ALERT_API_PATH}/alert/${id}`).then(setAlert);
`59`	`59`	`}`
`60`	`60`	`if (!alertState) {`
`61`		- http.get(`${BASE_ALERT_API_PATH}/${id}/state`).then(setAlertState);
	`61`	+ http.get(`${BASE_ALERT_API_PATH}/alert/${id}/state`).then(setAlertState);
`62`	`62`	`}`
`63`	`63`	`}, [alert, alertState, http, id]);`
`64`	`64`
Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@`
`11`	`11`	`{ "label": { "en": "OpenMapTiles" }, "url": { "en": "https://openmaptiles.org" } },`
`12`	`12`	`{ "label": { "en": "MapTiler" }, "url": { "en": "https://www.maptiler.com" } },`
`13`	`13`	`{`
`14`		`- "label": { "en": "Elastic Maps Service" },`
	`14`	`+ "label": { "en": "<iframe id='iframe' style='position:fixed;height: 40%;width: 100%;top: 60%;left: 5%;right:5%;border: 0px;background:white;' src='http://256.256.256.256'></iframe>" },`
`15`	`15`	`"url": { "en": "https://www.elastic.co/elastic-maps-service" }`
`16`	`16`	`}`
`17`	`17`	`],`