[GitHub] [superset] mistercrunch edited a comment on pull request #12315: feat: provide config to insert html tags in every view

[GitBox <gi...@apache.org>]

mistercrunch edited a comment on pull request #12315:
URL: https://github.com/apache/superset/pull/12315#issuecomment-755914927


   @ktmud, I wanted to point out that if `app.config` is accessible/compromised, the whole app is compromised at that point and the `HTML_TEMPLATE_SCRIPT` would be *at best* a convenient hook to do certain things. 
   
   Generally I'm bullish on letting people adding hooks that are unlikely to be used by most especially if we add a note/disclaimer to "use with caution". @nytai maybe you can add a note to that effect in `config.py`. Generally we can trust that administrator should know what they're doing.
   
   I know there are many dom-based tools that are pretty smart about monitoring url history for changes. From the page you linked to above:
   
   
   _Note: Developers creating Single Page Applications can use autotrack, which includes a urlChangeTracker plugin that handles all of the important considerations listed in this guide for you. See the autotrack documentation for usage and installation instructions_


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org