Re: [PR] feat: Allow superset to be deployed under a prefixed URL [superset]

via GitHub Fri, 14 Feb 2025 03:38:09 -0800


github-advanced-security[bot] commented on code in PR #30134:
URL: https://github.com/apache/superset/pull/30134#discussion_r1956008268



##########
superset-frontend/src/components/Tags/Tag.tsx:
##########
@@ -70,7 +71,7 @@
           <StyledTag data-test="tag" key={id} onClick={onClick} 
role={whatRole}>
             {id ? (
               <a
-                href={`/superset/all_entities/?id=${id}`}
+                href={ensureAppRoot(`/superset/all_entities/?id=${id}`)}

Review Comment:
   ## DOM text reinterpreted as HTML
   
   [DOM text](1) is reinterpreted as HTML without escaping meta-characters.
   
   [Show more 
details](https://github.com/apache/superset/security/code-scanning/1272)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org

Re: [PR] feat: Allow superset to be deployed under a prefixed URL [superset]

Reply via email to