Posted to dev@superset.apache.org by gi...@git.apache.org on 2017/10/04 16:17:28 UTC

[GitHub] mistercrunch commented on issue #3592: Unable to concatenate d3 formula

URL: https://github.com/apache/incubator-superset/issues/3592#issuecomment-334209617
 
 
   Taking code as input is a security issue. We'd like more general support for mathematical expressions using something like `math.js`, but any use of `eval` has potential XSS vulnerabilities. I asked folks in our security team and they said that if we used `math.js` we should do it within sandboxed iframes, which I'd rather not do at this time.
 
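
Added illustration, not part of the comment above and not Superset or math.js code: one way to accept a user-supplied arithmetic formula without `eval` is a small allowlist parser, so input that is not arithmetic is rejected instead of executed. The function name `evalArithmetic`, the `vars` lookup object and the sample inputs are assumptions made for this example.

```javascript
// Added example: evaluate user-supplied arithmetic without eval()/Function().
// Grammar: expr := term (('+'|'-') term)* ; term := unary (('*'|'/') unary)*
//          unary := '-' unary | primary ; primary := NUMBER | IDENT | '(' expr ')'
function evalArithmetic(src, vars = {}) {
  // Anything that is not a number, identifier or operator becomes a
  // one-character token (\S) that no grammar rule accepts.
  const tokens = String(src).match(/\d+(?:\.\d+)?|[A-Za-z_]\w*|[-+*/()]|\S/g) || [];
  let i = 0;
  const peek = () => tokens[i];
  function primary() {
    const tok = tokens[i++];
    if (tok === undefined) throw new SyntaxError('unexpected end of expression');
    if (/^\d/.test(tok)) return Number(tok);
    if (/^[A-Za-z_]/.test(tok)) {
      // Own-property and type check: names such as "constructor" or "alert"
      // resolve to nothing unless the caller put a number in `vars`.
      if (!Object.prototype.hasOwnProperty.call(vars, tok) || typeof vars[tok] !== 'number') {
        throw new ReferenceError(`unknown variable: ${tok}`);
      }
      return vars[tok];
    }
    if (tok === '(') {
      const v = expr();
      if (tokens[i++] !== ')') throw new SyntaxError('expected )');
      return v;
    }
    throw new SyntaxError(`unexpected token: ${tok}`);
  }
  const unary = () => (peek() === '-' ? (i++, -unary()) : primary());
  function term() {
    let v = unary();
    while (peek() === '*' || peek() === '/') v = tokens[i++] === '*' ? v * unary() : v / unary();
    return v;
  }
  function expr() {
    let v = term();
    while (peek() === '+' || peek() === '-') v = tokens[i++] === '+' ? v + term() : v - term();
    return v;
  }
  const result = expr();
  if (i !== tokens.length) throw new SyntaxError(`unexpected token: ${tokens[i]}`);
  return result;
}

// Constructed inputs: a legitimate formula, then strings eval() would treat as code.
for (const input of ['2 * (x + 3) - -1', 'alert(1)', 'x.constructor']) {
  try { console.log(input, '=>', evalArithmetic(input, { x: 4 })); }
  catch (e) { console.log(input, '=> rejected:', e.message); }
}
```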