SupersetOdT commented on issue #36794:
URL: https://github.com/apache/superset/issues/36794#issuecomment-3692561450
**issue 3:**
The iframes are displayed correctly at my place via the "Text/Markdown"
module. Everything can be iframed if I authorize it via the CSP rules.
I use the same sanitization as you.
TALISMAN_ENABLED = False is good for testing but for production, it will be
necessary to better secure the elements that can be displayed by Superset
(CSP).
On the other hand, I do not know the configuration variables ALLOW_IFRAME
and ENABLE_JINJA_TEMPLATING. For version 6.0.0, I use the feature flags
{"CSS_TEMPLATES": True}, {"ESCAPE_MARKDOWN_HTML": False}
([Read](https://github.com/apache/superset/blob/6.0.0/superset/config.py))
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
