dosubot[bot] commented on issue #30381:
URL: https://github.com/apache/superset/issues/30381#issuecomment-2372583355

   The `class` attribute should be preserved if the 
`HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration is set correctly. Given 
that the `class` attribute is still empty, it might be due to how the `xss` 
library is configured and used in the frontend.
   
   Ensure that the `xss` library configuration in the frontend allows the 
`class` attribute. Here is the relevant code snippet from 
`superset-frontend/packages/superset-ui-core/src/utils/html.tsx`:
   
   ```tsx
   import { FilterXSS, getDefaultWhiteList } from 'xss';
   
   const xssFilter = new FilterXSS({
     whiteList: {
       ...getDefaultWhiteList(),
       span: ['style', 'class', 'title'],
       div: ['style', 'class'],
       a: ['style', 'class', 'href', 'title', 'target'],
       img: ['style', 'class', 'src', 'alt', 'title', 'width', 'height'],
       video: [
         'autoplay',
         'controls',
         'loop',
         'preload',
         'src',
         'height',
         'width',
         'muted',
       ],
     },
     stripIgnoreTag: true,
     css: false,
   });
   
   export function sanitizeHtml(htmlString: string) {
     return xssFilter.process(htmlString);
   }
   ```
   
   Ensure that the `class` attribute is included in the whitelist for the 
relevant HTML tags. If the `xss` library configuration is correct, the `class` 
attribute should be preserved in the sanitized HTML.
   
   Additionally, verify that the `sanitizeHtml` function is being used 
correctly in the frontend components where the Handlebars chart is rendered. If 
the configuration and usage are correct, the `class` attribute should be 
preserved.
   
   If the issue persists, you might want to check if there are any other 
sanitization steps or overrides in the frontend code that might be affecting 
the `class` attribute.
   
   
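Added example (not part of the original comment and not Superset's code): a small audit helper showing that the allowlist is looked up per tag, so `class` survives only on tags whose entry lists it. It does not use the `xss` library; the `p` entry is an assumed stand-in for a default from `getDefaultWhiteList()`, and `auditTemplate`, the sample markup and `my-widget` are hypothetical.

```javascript
// Constructed allowlist: the first four entries are copied from the snippet
// quoted in the comment; `p` is an assumption standing in for a default entry
// that does not list `class`.
const allowList = {
  span: ['style', 'class', 'title'],
  div: ['style', 'class'],
  a: ['style', 'class', 'href', 'title', 'target'],
  img: ['style', 'class', 'src', 'alt', 'title', 'width', 'height'],
  p: [],
};

// Simplified start-tag scanner for auditing trusted template output.
// It is NOT a sanitizer and does not cover every HTML parsing edge case.
const VALUE = '(?:\\s*=\\s*(?:"[^"]*"|\'[^\']*\'|[^\\s"\'<>]+))?';
const NAME = '[^\\s"\'<>\\/=]+';
const START_TAG = new RegExp(
  `<([a-zA-Z][a-zA-Z0-9-]*)((?:\\s+${NAME}${VALUE})*)\\s*\\/?>`, 'g');
const ATTR = new RegExp(`(${NAME})${VALUE}`, 'g');

// Returns one finding per tag or attribute the allowlist would not keep.
function auditTemplate(html, list) {
  const findings = [];
  for (const m of html.matchAll(START_TAG)) {
    const tag = m[1].toLowerCase();
    const allowed = list[tag];
    if (allowed === undefined) {
      // With stripIgnoreTag: true, tags outside the allowlist are removed.
      findings.push({ tag, attr: null, reason: 'tag not in this allowlist' });
      continue;
    }
    for (const a of m[2].matchAll(ATTR)) {
      const attr = a[1].toLowerCase();
      if (!allowed.includes(attr)) {
        findings.push({ tag, attr, reason: 'attribute not listed for tag' });
      }
    }
  }
  return findings;
}

// Constructed sample of rendered Handlebars output.
const sample = '<div class="card"><p class="lead">Total</p>' +
  '<span class="num" id="total">42</span>' +
  '<my-widget class="x"></my-widget></div>';
console.log(auditTemplate(sample, allowList));
```

Running the same audit against the merged allowlist that actually reaches `FilterXSS` shows which tags in a template need a `class` entry added.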
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.