hf-13 opened a new issue, #31015:
URL: https://github.com/apache/superset/issues/31015

   ### Bug description
   
   ## Description
   When running a SQL query that includes an HTML `<br>` tag, Superset is not 
rendering the tag as expected. Instead, it's being stripped from the output.
   
   ## Steps to Reproduce
   1. Run the following SQL query:
      
   ```sql
   SELECT 'salary<=>salary<br>test' AS result;
   ```
    
   2. Expected result: The output should display the exact text as it appears 
in the query.
   3. Actual result: The output is displayed as "salarysalary" on a single 
line, with the `<br>` tag and subsequent text removed.
   
   ## Configuration Attempted
   The following configuration has been applied in a Kubernetes deployment 
using Helm:
   
   ```python
   FEATURE_FLAGS = {
       "ESCAPE_MARKDOWN_HTML": False,
   }
   HTML_SANITIZATION = True
   HTML_SANITIZATION_SCHEMA_EXTENSIONS = {
       "attributes": {
           "*": ["style", "className", "class"],
       },
       "tagNames": ["br"],
   }
   ```
   It was all confirmed with `superset shell`:
   
   ```python
   from superset.app import app
   print(app.config)
   ```
   
   ## Additional Information
   - Superset is deployed on Kubernetes using Helm.
   - The issue persists even with Talisman disabled (`TALISMAN_ENABLED = 
False`).
   - Various combinations of HTML sanitization settings have been tried without 
success.
   
   ## Environment
   - Superset version: 4.0.2
   - Kubernetes version: 1.30
   - Helm chart version: 0.12.11
   - Database type: postgresql
   
   ## Question
   Is there a way to configure Superset to properly render HTML tags, 
specifically the `<br>` tag, in query results while maintaining security?
   
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   4.1.0
   
   ### Python version
   
   3.10
   
   ### Node version
   
   16
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [X] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [X] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [ ] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
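
An added illustration, not Superset code and not part of the report: for the sample string from the query, output escaping shows the text exactly as written, while an allowlist sanitizer that permits `br` emits a real line break instead of the literal tag. `escapeHtml` and `sanitizeWithAllowlist` are hypothetical helpers written for this example, and the regex tokenizer is a simplification of what a parser-based sanitizer does.

```javascript
// Constructed sample: the value returned by the query in the report.
const cell = "salary<=>salary<br>test";

// Output encoding: every HTML-significant character becomes an entity, so the
// browser displays the stored value verbatim and parses none of it as markup.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Allowlist sanitizing (hypothetical minimal version): tags whose name is on
// the allowlist are re-emitted as bare tags with all attributes dropped;
// everything else, including unknown or malformed tags, is escaped as text.
function sanitizeWithAllowlist(text, allowedTags) {
  const allowed = new Set(allowedTags.map((t) => t.toLowerCase()));
  const tagPattern = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^<>]*>/g;
  let out = "";
  let last = 0;
  for (const m of String(text).matchAll(tagPattern)) {
    out += escapeHtml(text.slice(last, m.index));
    const name = m[2].toLowerCase();
    out += allowed.has(name) ? `<${m[1]}${name}>` : escapeHtml(m[0]);
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Returns both renderings so the difference can be compared side by side.
function renderBoth(value) {
  return {
    escaped: escapeHtml(value),                        // literal text, tag visible
    sanitized: sanitizeWithAllowlist(value, ["br"]),   // <br> becomes a line break
  };
}

console.log(renderBoth(cell));
```
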