mistercrunch commented on pull request #12315: URL: https://github.com/apache/superset/pull/12315#issuecomment-755914927
@ktmud, I wanted to point out that if `app.config` is accessible/compromised, the whole app is compromised at that point and the `HTML_TEMPLATE_SCRIPT` would be *at best* a convenient hook to do certain things.

Generally I'm bullish on letting people add hooks that are unlikely to be used by most, especially if we add a note/disclaimer to "use with caution". @nytai maybe you can add a note to that effect in `config.py`. Generally we can trust that administrators should know what they're doing.

I know there are many DOM-based tools that are pretty smart about monitoring URL history for changes. From the page you linked to above:

```
Note: Developers creating Single Page Applications can use autotrack, which includes a urlChangeTracker plugin that handles all of the important considerations listed in this guide for you. See the autotrack documentation for usage and installation instructions.
```

----------------------------------------------------------------
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
