You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/12/05 22:45:34 UTC

[GitHub] [incubator-superset] rubypollev opened a new issue #8776: Toggle to NOT render HTML on Table viz

rubypollev opened a new issue #8776: Toggle to NOT render HTML on Table viz
URL: https://github.com/apache/incubator-superset/issues/8776
 
 
   **Is your feature request related to a problem? Please describe.**
   Sometimes I'm querying data with URL params. I always get people injecting SQL or HTML in here. Not usually a problem, but the Table viz is rendering this HTML. This is a security concern. 
   
   **Describe the solution you'd like**
   I'd like to toggle this ON on a case-by-case basis in the "customize" tab. Might need a config flag for default behaviour, too. 
   
   **Describe alternatives you've considered**
   Maybe a feature flag to turn this off for the whole implementation? 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org