Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/12/05 23:01:45 UTC

[GitHub] [incubator-superset] nytai edited a comment on issue #8776: Toggle to NOT render HTML on Table viz

nytai edited a comment on issue #8776: Toggle to NOT render HTML on Table viz
URL: https://github.com/apache/incubator-superset/issues/8776#issuecomment-562357070
 
 
   @rubypollev looks like that's likely a bug in the table implementation. Looking at the logic: https://github.com/apache-superset/superset-ui-plugins/blob/master/packages/superset-ui-legacy-plugin-chart-table/src/Table.js#L154 it seems like the intent is for all content to be DOM/HTML escaped; however, it seems like it's only applying it to string columns.
   
   When you've experienced the issue, have people been injecting SQL and HTML in non-string fields? 
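
The escaping gap described in the comment above, as an added example that is not part of the original comment and is not code from Superset or superset-ui-plugins. It assumes the escape is gated on a column's declared type; `escapeHtml`, `renderCellStringOnly`, `renderCellAlways` and the column/row shapes are hypothetical names.

```javascript
// Added illustration only; all names and data here are hypothetical.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  // Coerce first so numbers, booleans and objects are handled uniformly.
  return String(value).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Pattern under discussion: escaping applied only to string columns.
function renderCellStringOnly(column, value) {
  if (column.type === 'string') {
    return `<td>${escapeHtml(value)}</td>`;
  }
  // Any other column type is interpolated into markup as-is.
  return `<td>${value}</td>`;
}

// Hardened form: every cell is coerced and escaped, whatever its column type.
function renderCellAlways(column, value) {
  if (value === null || value === undefined) return '<td></td>';
  return `<td>${escapeHtml(value)}</td>`;
}

// Constructed sample: the declared column type and the runtime value can
// disagree, e.g. a metric column whose query result is formatted text.
const columns = [
  { name: 'label', type: 'string' },
  { name: 'total', type: 'metric' },
];
const row = { label: '<b>north</b>', total: '<b>42</b>' };

function renderRow(renderCell) {
  return columns.map(c => renderCell(c, row[c.name])).join('');
}

console.log(renderRow(renderCellStringOnly)); // second cell keeps live markup
console.log(renderRow(renderCellAlways));     // both cells are inert text
```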
