dosubot[bot] commented on issue #30381:
URL: https://github.com/apache/superset/issues/30381#issuecomment-2372441620

   The issue seems to be that the `HTML_SANITIZATION_SCHEMA_EXTENSIONS` 
configuration is not being correctly applied. Here are a few steps to 
troubleshoot and potentially resolve the issue:
   
   1. **Verify Configuration Loading**:
      Ensure that the `superset_config.py` file is correctly loaded and the 
configurations are being applied. You can add a print statement or log the 
configuration to verify this.
   
   2. **Check Frontend Configuration**:
      The frontend components need to receive the 
`HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration. Ensure that the 
configuration is passed correctly from the backend to the frontend. This can be 
done by checking the `bootstrap_data` payload in the `render_app_template` 
method in `BaseSupersetView`:
   
      ```python
      class BaseSupersetView(BaseView):
          def render_app_template(
              self, extra_bootstrap_data: dict[str, Any] | None = None
          ) -> FlaskResponse:
              payload = {
                  "user": bootstrap_user_data(g.user, include_perms=True),
                  "common": common_bootstrap_payload(),
                  **(extra_bootstrap_data or {}),
              }
              return self.render_template(
                  "superset/spa.html",
                  entry="spa",
                  bootstrap_data=json.dumps(
                      payload, default=json.pessimistic_json_iso_dttm_ser
                  ),
              )
      ```
   
   3. **Extend Sanitization Schema**:
      Ensure that the `HTML_SANITIZATION_SCHEMA_EXTENSIONS` is correctly 
extending the default schema. The configuration should look something like this:
   
      ```python
      HTML_SANITIZATION_SCHEMA_EXTENSIONS = {
          "attributes": {
              "*": ["style", "class"],
          },
          "tagNames": ["style"],
      }
      ```
   
   4. **Check `xss` Library Configuration**:
      The `xss` library configuration should allow the `style` attribute. 
Ensure that the `css` property is set to `true` if you want to allow inline CSS:
   
      ```tsx
      const xssFilter = new FilterXSS({
        whiteList: {
          ...getDefaultWhiteList(),
          span: ['style', 'class', 'title'],
          div: ['style', 'class'],
          a: ['style', 'class', 'href', 'title', 'target'],
          img: ['style', 'class', 'src', 'alt', 'title', 'width', 'height'],
          video: [
            'autoplay',
            'controls',
            'loop',
            'preload',
            'src',
            'height',
            'width',
            'muted',
          ],
        },
        stripIgnoreTag: true,
        css: true,
      });
      ```
   
   5. **Debugging**:
      Use the browser console to check if the 
`HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration is being correctly passed 
to the frontend. You can use the snippet you provided to log the configuration:
   
      ```js
      const appContainer = document.getElementById('app');
      const { common } = JSON.parse(
          appContainer?.getAttribute('data-bootstrap') || '{}',
      );
      const htmlSanitization = common?.conf?.HTML_SANITIZATION;
      const htmlSchemaOverrides =
          common?.conf?.HTML_SANITIZATION_SCHEMA_EXTENSIONS;
   
      console.log(htmlSanitization);
      console.log(htmlSchemaOverrides);
      ```
   
   By following these steps, you should be able to identify where the 
configuration is not being applied correctly and ensure that the CSS is 
properly rendered in the Handlebars chart.
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
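
As an added example (not part of the comment above and not Superset code): a Node-runnable extension of the step 5 check that parses the bootstrap JSON, reports whether `HTML_SANITIZATION_SCHEMA_EXTENSIONS` reached the frontend, and lists which allowances it widens. The sample payload, the `auditSanitizationConf` name and the review lists are constructed for illustration.

```javascript
// Constructed sample of the JSON carried in the app container's data-bootstrap attribute.
const SAMPLE_BOOTSTRAP = JSON.stringify({
  common: { conf: {
    HTML_SANITIZATION: true,
    HTML_SANITIZATION_SCHEMA_EXTENSIONS: {
      attributes: { '*': ['style', 'class'], a: ['onclick'] }, // 'onclick' added for the demo
      tagNames: ['style'],
    },
  } },
});

// Hypothetical review lists (assumptions, not taken from Superset or a sanitizer library).
const REVIEW_TAGS = new Set(['script', 'style', 'iframe', 'object', 'embed', 'form']);
const REVIEW_ATTRS = new Set(['style', 'srcdoc', 'formaction']);
const needsReview = (attr) => /^on/i.test(attr) || REVIEW_ATTRS.has(attr.toLowerCase());

function auditSanitizationConf(bootstrapJson) {
  let conf;
  try {
    conf = JSON.parse(bootstrapJson || '{}')?.common?.conf ?? {};
  } catch {
    return { loaded: false, findings: ['bootstrap payload is not valid JSON'] };
  }
  const findings = [];
  if (conf.HTML_SANITIZATION === false) findings.push('HTML_SANITIZATION is false');
  const ext = conf.HTML_SANITIZATION_SCHEMA_EXTENSIONS;
  // Step 5 failure mode: the key never reached the frontend.
  if (ext === undefined || ext === null) return { loaded: false, findings };
  for (const tag of ext.tagNames ?? []) {
    if (REVIEW_TAGS.has(String(tag).toLowerCase())) findings.push(`tag <${tag}> allowed`);
  }
  for (const [tag, attrs] of Object.entries(ext.attributes ?? {})) {
    for (const entry of Array.isArray(attrs) ? attrs : []) {
      // An entry may be a bare name or an array whose first item is the name.
      const name = String(Array.isArray(entry) ? entry[0] : entry);
      const where = tag === '*' ? 'every tag' : `<${tag}>`;
      if (needsReview(name)) findings.push(`attribute ${name} allowed on ${where}`);
    }
  }
  return { loaded: true, findings };
}

console.log(auditSanitizationConf(SAMPLE_BOOTSTRAP));
```

In a browser, pass `document.getElementById('app')?.getAttribute('data-bootstrap')` as the argument instead of the sample.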

