XSS in timeline from query

Hi

maximebf/debugbar           v1.15.1
barryvdh/laravel-debugbar v3.2.8

in timeline tab, bottom table

sample query

```
\DB::statement("SELECT * FROM users WHERE id = '<script>debugger;alert(5);</script>' OR SLEEP(2)");
```

![image](https://user-images.githubusercontent.com/3018472/82697676-073f1180-9c72-11ea-8558-e48482930457.png)

possible source - unescaped aggregate.label
https://github.com/maximebf/php-debugbar/blob/1a1605b8e9bacb34cc0c6278206d699772e1d372/src/DebugBar/Resources/widgets.js#L506

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

XSS in timeline from query #448

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

XSS in timeline from query #448

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions