richardfogaca opened a new pull request, #35665:
URL: https://github.com/apache/superset/pull/35665
### SUMMARY
Fixes deck.gl custom tooltips to work with HTML_SANITIZATION=True.
** Problem **
HTML_SANITIZATION=True caused the custom tooltips to not work properly
because SafeMarkdown was stripping all style attributes.
** Solution **
- Replace SafeMarkdown with sanitizeHtml() in HandlebarsRenderer.tsx
- sanitizeHtml uses the xss library which allows style attributes while
still preventing XSS attacks
- Reset HTML_SANITIZATION = True in config.py
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
<img width="648" height="516" alt="Screenshot 2025-10-15 at 14 39 03"
src="https://github.com/user-attachments/assets/ec3006d0-543c-4418-872b-be1b17d8b559";
/>
### TESTING INSTRUCTIONS
1. Create a deck.gl chart (scatter, arc, etc.)
2. Add a custom tooltip with inline styles:
<div style="background: #2c3e50; color: white; padding: 10px;">
Year: {{YEAR}}
</div>
3. Hover over a data point - verify styling is preserved
4. Confirm HTML_SANITIZATION = True in config.py
ADDITIONAL INFORMATION
- Has associated issue: Fixes regression from #34276
- Required feature flags:
- Changes UI
- Includes DB Migration
- Introduces new feature or API
- Removes existing feature or API
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
