context link backwards compatibility & sanitation (#2958)

* Make context_links backwards compatible
* sanitizing external input before rendering

timesketch/api/v1/resources/contextlinks.py

@@ -47,6 +47,12 @@ def get(self):
         if not context_link_yaml:
             return jsonify(response)
 
+        # Support for earlier version format of context links without hardcoded modules:
+        if not context_link_yaml.get("linked_services"):
+            context_link_yaml = {
+                "linked_services": context_link_yaml,
+            }
+
         if context_link_yaml.get("hardcoded_modules"):
             for entry in context_link_yaml.get("hardcoded_modules", []):
                 context_link_config = {

timesketch/frontend-ng/src/components/Explore/LinkRedirectWarning.vue

@@ -28,13 +28,13 @@ limitations under the License.
         <div v-if="contextValue">
           <b>Value:</b><br/>
           <code class="code">
-            {{ contextValue }}
+            {{ getContextValue }}
           </code>
         </div>
         <div>
           <b>External website:</b><br/>
           <code class="code">
-            {{ contextUrl }}
+            {{ getContextUrl }}
           </code>
         </div>
 
@@ -62,13 +62,23 @@ limitations under the License.
   </template>
 
   <script>
+  import DOMPurify from 'dompurify';
+
   export default {
     props: ['contextValue', 'contextUrl' ],
     methods: {
       clearAndCancel: function () {
         this.$emit('cancel')
       },
     },
+    computed: {
+      getContextValue() {
+        return DOMPurify.sanitize(this.contextValue)
+      },
+      getContextUrl() {
+        return DOMPurify.sanitize(this.contextUrl)
+      }
+    }
   }
   </script>