dosubot[bot] commented on issue #30381:
URL: https://github.com/apache/superset/issues/30381#issuecomment-2372595708

   The `xss` library configuration is not set in the config files but directly 
in the frontend code. Since the `class` attribute is already included in the 
whitelist in `superset-frontend/packages/superset-ui-core/src/utils/html.tsx`, 
the issue might be elsewhere.
   
   Here are a few additional steps to troubleshoot:
   
   1. **Verify `sanitizeHtml` Usage**:
      Ensure that the `sanitizeHtml` function is being used correctly in the 
frontend components where the Handlebars chart is rendered. Specifically, check 
if the `SafeMarkdown` component is used with the correct sanitization options.
   
   2. **Check `SafeMarkdown` Component**:
      The `SafeMarkdown` component is responsible for rendering sanitized HTML. 
Verify that it is configured correctly in the Handlebars chart component:
   
      ```tsx
      if (renderedTemplate) {
          return (
            <SafeMarkdown
              source={renderedTemplate}
              htmlSanitization={htmlSanitization}
              htmlSchemaOverrides={htmlSchemaOverrides}
            />
          );
      }
      ```
   
   3. **Inspect Sanitization Overrides**:
      Ensure that the `htmlSanitization` and `htmlSchemaOverrides` props are 
correctly passed to the `SafeMarkdown` component. These props should be derived 
from the Redux state:
   
      ```jsx
      function mapStateToProps(state) {
        return {
          htmlSanitization: state.common.conf.HTML_SANITIZATION,
          htmlSchemaOverrides: state.common.conf.HTML_SANITIZATION_SCHEMA_EXTENSIONS,
        };
      }
      ```
   
   4. **Debugging in Browser**:
      Use the browser console to inspect the `htmlSanitization` and 
`htmlSchemaOverrides` values being passed to the `SafeMarkdown` component. 
Ensure they match the expected configuration.
   
   5. **Check for Other Sanitization Steps**:
      Verify if there are any other sanitization steps or overrides in the 
frontend code that might be affecting the `class` attribute. For example, check 
if the `sanitizeHtml` function is called multiple times or if there are 
additional sanitization layers.
   
   By following these steps, you should be able to identify where the `class` 
attribute is being stripped and ensure that the configuration is applied 
correctly 
<sup>[[1]](https://github.com/apache/superset/blob/master/superset-frontend/plugins/plugin-chart-handlebars/src/components/Handlebars/HandlebarsViewer.tsx)</sup><sup>[[2]](https://github.com/apache/superset/blob/master/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx)</sup><sup>[[3]](https://github.com/apache/superset/blob/master/superset-frontend/packages/superset-ui-core/src/utils/html.tsx)</sup>.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
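
The check in step 5 of the comment above, as an added example that is not part of the original comment or Superset's code: it runs a probe through an ordered list of sanitization layers and reports the first one that drops the `class` attribute. The layer functions, their names and the probe string are constructed stand-ins; in practice each entry would wrap a real sanitization call from the frontend.

```javascript
// Added diagnostic example; the stages below are constructed stand-ins,
// not Superset code and not a real sanitizer.

// Stand-in for one sanitization layer: keeps only the attributes allowlisted
// for each tag and drops every other attribute (tags themselves are kept).
function makeAllowlistStage(allowlist) {
  return html =>
    html.replace(/<([a-zA-Z][\w-]*)((?:\s+[\w-]+="[^"]*")*)\s*>/g, (_, tag, attrs) => {
      const allowed = allowlist[tag.toLowerCase()] || [];
      const kept = (attrs.match(/[\w-]+="[^"]*"/g) || [])
        .filter(attr => allowed.includes(attr.split('=')[0].toLowerCase()));
      return `<${tag}${kept.map(a => ' ' + a).join('')}>`;
    });
}

// True when `html` still carries attribute `attr` on an opening `tag`.
function hasAttribute(html, tag, attr) {
  return new RegExp(`<${tag}\\b[^>]*\\s${attr}="[^"]*"`, 'i').test(html);
}

// Runs `probe` through the ordered stages and returns the name of the first
// stage whose output no longer has the attribute, or null if it survives all.
function findStrippingStage(stages, probe, tag, attr) {
  let html = probe;
  for (const [name, sanitize] of stages) {
    html = sanitize(html);
    if (!hasAttribute(html, tag, attr)) return name;
  }
  return null;
}

// Constructed pipeline: the first layer allowlists `class`, the second does not.
const stages = [
  ['layer-1 (class allowed)', makeAllowlistStage({ div: ['class', 'id'] })],
  ['layer-2 (no class)', makeAllowlistStage({ div: ['id'] })],
];
// Constructed probe: one allowlisted attribute pair plus an event handler.
const probe = '<div class="card" id="c1" onclick="x()">text</div>';
console.log(findStrippingStage(stages, probe, 'div', 'class'));
```
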
