robdiciuccio commented on a change in pull request #11704:
URL: https://github.com/apache/incubator-superset/pull/11704#discussion_r524830732



##########
File path: superset/jinja_context.py
##########
@@ -186,6 +188,28 @@ def url_param(
         return result
 
 
+def safe_proxy(func: Callable[..., Any], *args: Any, **kwargs: Any) -> Any:
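
Review bot: The added `safe_proxy` signature takes `Callable[..., Any]` and returns `Any`, so nothing on this line tells a caller or reviewer which return types are permitted to reach the Jinja context, and the body is not shown in this excerpt. Consider a docstring stating the permitted return types and the behaviour on a disallowed one (raise versus coerce), and narrowing the return annotation to that set if it is fixed. If the check inspects only the top-level value, say so in the docstring, since a list or dict would then carry unchecked members.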

Review comment:
       Another point here is that the functions being called via `safe_proxy` 
are not user-generated, and we can be fairly certain they are safe due to the 
existing code review process. I added some logic in my last commit to check 
top-level context variables for disallowed types. This could potentially 
benefit from recursion...
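
The comment above notes that a top-level type check on context values could benefit from recursion. As an added illustration (not code from the pull request or from Superset), a recursive allow-list check could look like the following; `check_value`, `checked_call`, the two type tuples and `MAX_DEPTH` are names and values assumed for this example.

```python
from typing import Any, Callable

# Assumed allow-list for this example; not taken from the Superset code base.
SCALAR_TYPES = (type(None), bool, int, float, str)
CONTAINER_TYPES = (list, tuple, set, frozenset, dict)
MAX_DEPTH = 32  # assumed bound so deeply nested input fails closed


class DisallowedTemplateType(TypeError):
    """Raised when a value outside the allow-list would reach the template."""


def check_value(value: Any, path: str = "value", depth: int = 0,
                _seen: frozenset = frozenset()) -> None:
    """Recursively verify that value is built only from allow-listed types."""
    if depth > MAX_DEPTH:
        raise DisallowedTemplateType(f"{path}: nesting deeper than {MAX_DEPTH}")
    # Exact type match: a subclass can override __getattr__/__getitem__ and
    # hand the template behaviour that was never reviewed.
    if type(value) in SCALAR_TYPES:
        return
    if type(value) not in CONTAINER_TYPES:
        raise DisallowedTemplateType(f"{path}: {type(value).__name__} not allowed")
    # Track containers on the current path only, so shared (non-cyclic)
    # references pass while a container that contains itself is rejected.
    if id(value) in _seen:
        raise DisallowedTemplateType(f"{path}: self-referencing container")
    seen = _seen | {id(value)}
    if type(value) is dict:
        for key, item in value.items():
            check_value(key, f"{path} (key)", depth + 1, seen)
            check_value(item, f"{path}[{key!r}]", depth + 1, seen)
    else:
        for index, item in enumerate(value):
            check_value(item, f"{path}[{index}]", depth + 1, seen)


def checked_call(func: Callable[..., Any], *args: Any, **kwargs: Any) -> Any:
    """Call func and return its result only if every nested value passes."""
    result = func(*args, **kwargs)
    check_value(result, path=f"{getattr(func, '__name__', 'func')}()")
    return result
```

A check limited to the top level would accept `{"rows": [{"cb": print}]}` because the outer value is a plain `dict`; the recursive walk rejects it and reports the path to the offending member.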



