dosubot[bot] commented on issue #30381: URL: https://github.com/apache/superset/issues/30381#issuecomment-2372535533
The `HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration is defined in the `superset/config.py` file and is used to extend the HTML sanitization schema for rendering HTML content safely <sup>[[1]](https://github.com/apache/superset/blob/master/superset/config.py)</sup>. To pass this configuration from the Python backend to the frontend, it needs to be included in the `bootstrap_data` payload. Here are the key steps and locations in the codebase where this happens:

1. **Backend Configuration**: Ensure that `HTML_SANITIZATION_SCHEMA_EXTENSIONS` is correctly defined in `superset/config.py`:

```python
HTML_SANITIZATION_SCHEMA_EXTENSIONS: dict[str, Any] = {
    "attributes": {
        "*": ["style", "className"],
    },
    "tagNames": ["style"],
}
```

2. **Common Bootstrap Payload**: The `cached_common_bootstrap_data` function prepares the common data sent to the client. This function should include the `HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration:

```python
def cached_common_bootstrap_data(
    user_id: int | None, locale: Locale | None
) -> dict[str, Any]:
    # Copy the whitelisted config keys; sets are converted to lists so they serialize as JSON
    frontend_config = {
        k: (list(conf.get(k)) if isinstance(conf.get(k), set) else conf.get(k))
        for k in FRONTEND_CONF_KEYS
    }

    # Add HTML_SANITIZATION_SCHEMA_EXTENSIONS to the frontend config
    frontend_config["HTML_SANITIZATION_SCHEMA_EXTENSIONS"] = conf.get(
        "HTML_SANITIZATION_SCHEMA_EXTENSIONS", {}
    )

    bootstrap_data = {
        "conf": frontend_config,
        # other configurations...
    }
    return bootstrap_data
```

3. **Rendering the Template**: The `render_app_template` method in the `BaseSupersetView` class constructs the `bootstrap_data` payload and passes it to the frontend:

```python
class BaseSupersetView(BaseView):
    def render_app_template(
        self, extra_bootstrap_data: dict[str, Any] | None = None
    ) -> FlaskResponse:
        payload = {
            "user": bootstrap_user_data(g.user, include_perms=True),
            "common": common_bootstrap_payload(),
            **(extra_bootstrap_data or {}),
        }
        # The payload is serialized into the data-bootstrap attribute of the SPA template
        return self.render_template(
            "superset/spa.html",
            entry="spa",
            bootstrap_data=json.dumps(
                payload, default=json.pessimistic_json_iso_dttm_ser
            ),
        )
```

4. **Frontend Usage**: The `HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration is utilized in the frontend components, such as the `Markdown` component in `superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx`:

```jsx
function mapStateToProps(state) {
  return {
    htmlSchemaOverrides: state.common.conf.HTML_SANITIZATION_SCHEMA_EXTENSIONS,
  };
}
```

And in the `HandlebarsViewer` component in `superset-frontend/plugins/plugin-chart-handlebars/src/components/Handlebars/HandlebarsViewer.tsx`:

```tsx
const appContainer = document.getElementById('app');
const { common } = JSON.parse(
  appContainer?.getAttribute('data-bootstrap') || '{}',
);
const htmlSchemaOverrides =
  common?.conf?.HTML_SANITIZATION_SCHEMA_EXTENSIONS || {};
```

By ensuring that the `HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration is included in the `cached_common_bootstrap_data` function and correctly passed through the `bootstrap_data` payload, you can verify if the parameter is actually passed to the frontend <sup>[[2]](https://github.com/apache/superset/blob/master/superset/views/base.py)</sup><sup>[[3]](https://github.com/apache/superset/blob/master/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx)</sup><sup>[[4]](https://github.com/apache/superset/blob/master/superset-frontend/plugins/plugin-chart-handlebars/src/components/Handlebars/HandlebarsViewer.tsx)</sup>.
*To continue talking to [Dosu](https://dosu.dev), mention @dosu.*

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]
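The comment above describes the payload path but leaves the actual check to the reader. The following is an added example, not code from the Superset project or from the commenter: a small Python script that takes the rendered HTML of a Superset page, pulls the JSON out of the `data-bootstrap` attribute of the `id="app"` element (the same attribute the `HandlebarsViewer` snippet reads), and reports whether `common.conf.HTML_SANITIZATION_SCHEMA_EXTENSIONS` arrived and which tags and wildcard attributes it adds to the sanitizer. The sample HTML is constructed for the example; the helper names (`extract_bootstrap_data`, `sanitization_extensions`, `summarize_extensions`) are this example's own, and the assumption that the attribute is HTML-entity-escaped JSON on a `div#app` element is based on the `HandlebarsViewer` snippet and the `render_app_template` call shown above.

```python
from __future__ import annotations

import json
from html.parser import HTMLParser
from typing import Any, Optional

# Constructed sample: what the SPA template might emit. Jinja autoescaping turns
# the double quotes of the JSON payload into &#34; inside the attribute value.
SAMPLE_HTML = (
    "<html><body>"
    '<div id="app" data-bootstrap="'
    "{&#34;common&#34;: {&#34;conf&#34;: {"
    "&#34;HTML_SANITIZATION_SCHEMA_EXTENSIONS&#34;: {"
    "&#34;attributes&#34;: {&#34;*&#34;: [&#34;style&#34;, &#34;className&#34;]}, "
    "&#34;tagNames&#34;: [&#34;style&#34;]}}}}"
    '"></div>'
    "</body></html>"
)


class _BootstrapAttrFinder(HTMLParser):
    """Collects the data-bootstrap attribute of the element with id="app"."""

    def __init__(self) -> None:
        super().__init__()
        self.raw: Optional[str] = None

    def handle_starttag(self, tag: str, attrs: list[tuple[str, Optional[str]]]) -> None:
        attr_map = dict(attrs)
        if attr_map.get("id") == "app" and attr_map.get("data-bootstrap") is not None:
            # HTMLParser has already unescaped entities such as &#34; in the value
            self.raw = attr_map["data-bootstrap"]


def extract_bootstrap_data(html: str) -> dict[str, Any]:
    """Parse the bootstrap JSON embedded in a rendered Superset page."""
    finder = _BootstrapAttrFinder()
    finder.feed(html)
    if finder.raw is None:
        raise ValueError("no element with id='app' carrying a data-bootstrap attribute")
    return json.loads(finder.raw)


def sanitization_extensions(bootstrap: dict[str, Any]) -> Optional[dict[str, Any]]:
    """Return common.conf.HTML_SANITIZATION_SCHEMA_EXTENSIONS, or None if it did not reach the client."""
    conf = bootstrap.get("common", {}).get("conf", {})
    return conf.get("HTML_SANITIZATION_SCHEMA_EXTENSIONS")


def summarize_extensions(ext: dict[str, Any]) -> dict[str, Any]:
    """Flatten the schema extension into the facts a reviewer wants: extra tags and wildcard attributes."""
    tag_names = list(ext.get("tagNames", []))
    wildcard_attrs = list(ext.get("attributes", {}).get("*", []))
    return {
        "tag_names": tag_names,
        "wildcard_attributes": wildcard_attrs,
        # A <style> tag lets markdown authors inject page-wide CSS; worth knowing it is on.
        "allows_style_tag": "style" in tag_names,
    }


if __name__ == "__main__":
    data = extract_bootstrap_data(SAMPLE_HTML)
    ext = sanitization_extensions(data)
    if ext is None:
        print("HTML_SANITIZATION_SCHEMA_EXTENSIONS is NOT present in the bootstrap payload")
    else:
        print("schema extensions reached the frontend:", summarize_extensions(ext))
```

Against a live instance, replace `SAMPLE_HTML` with the body of an authenticated GET of a dashboard page and the script answers the question in the issue directly: if `sanitization_extensions` returns `None`, the key never made it into `bootstrap_data`, regardless of what `superset/config.py` says.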