sfirke commented on issue #30381:
URL: https://github.com/apache/superset/issues/30381#issuecomment-2374882387
Hi! You got somewhere with the bot at least. I was gonna say
`HTML_SANITIZATION = True` is in my top-level superset_config.py, not a Feature
Flag. But looks like you got that.
I have this, which includes some options for iFraming you might not need. I
think this is nothing new but just to share in case:
```
HTML_SANITIZATION = True
HTML_SANITIZATION_SCHEMA_EXTENSIONS = {
    "attributes": {
        # this enables basic CSS styling for Handlebars text charts and
        # iFrame embeds for our feedback forms
        "*": ["style", "className", "src", "width", "height", "frameborder",
              "marginwidth", "marginheight", "scrolling", "target"],
    },
    "tagNames": ["style", "iframe", "h1", "h2", "h3", "h4", "h5", "h6"],
}
```
You might need to enable `unsafe-eval` in your Talisman CSP, see
https://github.com/apache/superset/issues/27299#issuecomment-1978075353 and
https://github.com/apache/superset/issues/25205 for instance.
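An added example, not part of the original comment or of Superset's own code: a small check that lists which entries in the extensions posted above widen the sanitizer for every tag, plus a narrowed variant that scopes the frame attributes to `iframe` only. It assumes the schema follows the hast-util-sanitize format, where `attributes` may be keyed by tag name; `audit`, `narrow`, `FRAME_ONLY` and `REVIEW_TAGS` are hypothetical names.

```python
# Added example (not Superset code): review and narrow an
# HTML_SANITIZATION_SCHEMA_EXTENSIONS dict. Assumption: the schema uses the
# hast-util-sanitize format, where "attributes" may be keyed by tag name.
import copy

# Attributes this config only needs on <iframe> (assumption for this example).
FRAME_ONLY = {"src", "width", "height", "frameborder", "marginwidth",
              "marginheight", "scrolling"}
# Tags that embed active or external content and deserve an explicit review.
REVIEW_TAGS = {"iframe", "style", "script", "object", "embed", "form"}


def audit(ext):
    """Return human-readable findings for an extensions dict."""
    findings = []
    for attr in ext.get("attributes", {}).get("*", []):
        if attr in FRAME_ONLY:
            findings.append(f'"{attr}" is allowed on every tag via "*"')
        elif attr == "style":
            findings.append('inline "style" is allowed on every tag via "*"')
    for tag in ext.get("tagNames", []):
        if tag in REVIEW_TAGS:
            findings.append(f"<{tag}> is allowed; confirm it is needed")
    return findings


def narrow(ext):
    """Move frame-only attributes from "*" to "iframe"; keep everything else."""
    out = copy.deepcopy(ext)
    attrs = out.setdefault("attributes", {})
    wildcard = attrs.get("*", [])
    moved = [a for a in wildcard if a in FRAME_ONLY]
    if moved and "iframe" in out.get("tagNames", []):
        attrs["iframe"] = sorted(set(attrs.get("iframe", [])) | set(moved))
    attrs["*"] = [a for a in wildcard if a not in FRAME_ONLY]
    return out


# The extensions from the comment above, reproduced as sample input.
POSTED = {
    "attributes": {"*": ["style", "className", "src", "width", "height",
                         "frameborder", "marginwidth", "marginheight",
                         "scrolling", "target"]},
    "tagNames": ["style", "iframe", "h1", "h2", "h3", "h4", "h5", "h6"],
}

if __name__ == "__main__":
    print("\n".join(audit(POSTED)))
    print(narrow(POSTED))
```

The narrowed dict still permits inline `style` and the `<style>` and `<iframe>` tags, so those remain on the review list after narrowing.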