You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by "rusackas (via GitHub)" <gi...@apache.org> on 2023/06/13 15:52:46 UTC

[GitHub] [superset] rusackas commented on a diff in pull request #24368: feat: make data tables support html

rusackas commented on code in PR #24368:
URL: https://github.com/apache/superset/pull/24368#discussion_r1228362829


##########
superset-frontend/packages/superset-ui-core/src/utils/html.tsx:
##########
@@ -0,0 +1,53 @@
+import React from 'react';
+import { FilterXSS, getDefaultWhiteList } from 'xss';
+
+const xssFilter = new FilterXSS({
+  whiteList: {

Review Comment:
   "allowList" would be better :) 
   
   Also, wondering if we can leverage the config.py's HTML_SANITIZATION_SCHEMA_EXTENSIONS here to keep things DRY. I guess that depends on whether or not people are going to want to start punching holes in this config.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org