Make HTML sanitization whitelist user-configurable (opt-in) #36815
Moosheimer started this conversation in Ideas
Problem:
Superset’s strict frontend HTML sanitization prevents rendering of safe tags like <b> and <i>, even in trusted environments. This blocks important formatting for pre-tagged data (formatted data exists in database).
Proposed Solution:
Add a user-configurable option (e.g., in superset_config.py or UI) to extend or override the frontend sanitizer whitelist, with clear warnings and opt-in gating.
Risk Mitigation:
Use Case:
We run Superset on a secured intranet with trusted data sources and need to render existing HTML formatting in tables/charts (the data comes from the database with existing HTML tags).
Alternatives tried:
Backend config, data preprocessing, and Markdown components—all insufficient for our needs.
see more -> #36799
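
One way the opt-in gating proposed above could be enforced before an operator-supplied extension reaches a frontend sanitizer, shown as an added example that is not part of the original post and is not Superset code. The names `BASE_ALLOWLIST`, `resolveAllowlist`, `allowExtension`, `extension` and the forbidden lists are hypothetical, and the sample configuration is constructed.

```javascript
// Added example; every name here is hypothetical, not Superset's configuration or API.
const BASE_ALLOWLIST = Object.freeze({ tagNames: ['p', 'br', 'span', 'a'], attributes: { a: ['href'] } });

// Constructed policy: never admitted, even after opt-in, because they run or embed active content.
const FORBIDDEN_TAGS = new Set(['script', 'iframe', 'object', 'embed', 'base', 'meta', 'link']);
const FORBIDDEN_ATTR = /^(on|srcdoc$|formaction$)/; // event handlers, srcdoc, formaction
const TAG_NAME = /^[a-z][a-z0-9]*$/;

function resolveAllowlist(config) {
  const ext = config.extension || {};
  const result = {
    tagNames: [...BASE_ALLOWLIST.tagNames],
    attributes: { a: [...BASE_ALLOWLIST.attributes.a] },
    warnings: [],
  };
  const requested = (ext.tagNames || []).length + Object.keys(ext.attributes || {}).length;
  if (requested === 0) return result;

  // Opt-in gate: an extension without the explicit flag is ignored, not half-applied.
  if (config.allowExtension !== true) {
    result.warnings.push('extension ignored: allowExtension is not set to true');
    return result;
  }
  for (const raw of ext.tagNames || []) {
    const tag = String(raw).trim().toLowerCase();
    if (!TAG_NAME.test(tag) || FORBIDDEN_TAGS.has(tag)) result.warnings.push(`tag rejected: ${raw}`);
    else if (!result.tagNames.includes(tag)) result.tagNames.push(tag);
  }
  for (const [rawTag, attrs] of Object.entries(ext.attributes || {})) {
    const tag = rawTag.trim().toLowerCase();
    if (tag !== '*' && !TAG_NAME.test(tag)) {
      result.warnings.push(`attribute key rejected: ${rawTag}`);
      continue;
    }
    for (const rawAttr of attrs) {
      const attr = String(rawAttr).trim().toLowerCase();
      if (FORBIDDEN_ATTR.test(attr)) {
        result.warnings.push(`attribute rejected: ${rawTag}.${rawAttr}`);
        continue;
      }
      if (!result.attributes[tag]) result.attributes[tag] = [];
      if (!result.attributes[tag].includes(attr)) result.attributes[tag].push(attr);
    }
  }
  return result;
}

// Constructed sample: an operator asks for <b> and <i>, plus two entries that must be refused.
const SAMPLE_CONFIG = {
  allowExtension: true,
  extension: { tagNames: ['b', 'i', 'SCRIPT'], attributes: { b: ['class', 'onclick'] } },
};
console.log(resolveAllowlist(SAMPLE_CONFIG));
```

The returned `warnings` array is what a deployment would surface at startup or in an admin view, so a refused or ignored entry is visible rather than silently dropped.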