This is an automated email from the ASF dual-hosted git repository.
villebro pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new 09772eeda0 fix(config.py): reset HTML_SANITIZATION to True by default
(#35603)
09772eeda0 is described below
commit 09772eeda0af4fefbbf8fcca2e77dcf800d43830
Author: Quentin Leroy <[email protected]>
AuthorDate: Wed Oct 15 19:03:51 2025 +0000
fix(config.py): reset HTML_SANITIZATION to True by default (#35603)
---
superset/config.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/superset/config.py b/superset/config.py
index 1707597405..a36d1699f8 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -972,7 +972,7 @@ CORS_OPTIONS: dict[Any, Any] = {
# Disabling this option is not recommended for security reasons. If you wish
to allow
# valid safe elements that are not included in the default sanitization
schema, use the
# HTML_SANITIZATION_SCHEMA_EXTENSIONS configuration.
-HTML_SANITIZATION = False
+HTML_SANITIZATION = True
# Use this configuration to extend the HTML sanitization schema.
# By default we use the GitHub schema defined in
