GitHub user dosubot[bot] added a comment to the discussion: Links in Embedded Superset Dashboards Open as Nested IFrames – Markdown target Attribute Stripped
<!-- Greeting --> Hello @vinitsinghania915! I'm [Dosu](https://dosu.dev), your friendly bot here to help you with bugs, questions, and becoming a contributor. I'm ready to assist you while we wait for a human maintainer. How can I help you today? <!-- Answer --> I found a similar discussion that might be relevant to your issue: [Allow target Attribute in Markdown Links for Opening Links in a New Tab](https://github.com/apache/superset/discussions/31982). This discussion is still open and might provide some insights or potential solutions to your problem <sup>[[1]](https://github.com/apache/superset/discussions/31982)</sup>. Regarding your issue, the Superset Markdown component uses the `xss` library to sanitize HTML attributes, including the `target` attribute. However, the `target` attribute is actually allowed for `<a>` tags in the current configuration, so it should not be stripped out <sup>[[2]](https://github.com/apache/superset/blob/master/superset-frontend/packages/superset-ui-core/src/utils/html.tsx)</sup>. Additionally, you can use the `HTML_SANITIZATION_SCHEMA_EXTENSIONS` configuration option in Superset to allow certain HTML attributes in Markdown components. This option lets you extend the default sanitization schema to include specific HTML elements or attributes that are otherwise blocked <sup>[[3]](https://github.com/apache/superset/blob/master/UPDATING.md)</sup><sup>[[4]](https://github.com/apache/superset/blob/master/superset/config.py)</sup>. For managing navigation in embedded dashboards, consider using the `iframeSandboxExtras` parameter to customize the sandbox attributes of the iframe. This can help control navigation behavior, such as allowing top navigation or popups to escape the sandbox <sup>[[5]](https://github.com/apache/superset/blob/master/superset-embedded-sdk/README.md)</sup>. <!-- Dosu Comment Footer --> *To continue talking to [Dosu](https://dosu.dev), mention @dosu.* --- <sup>Help Dosu learn! Give it feedback: [Great Response](https://app.dosu.dev/response-feedback/4a9f6644-703b-4dd8-b99c-e4e2fd7c3e04?feedback_type=great_response) | [Irrelevant Answer](https://app.dosu.dev/response-feedback/4a9f6644-703b-4dd8-b99c-e4e2fd7c3e04?feedback_type=irrelevant_answer) | [Incorrect Sources](https://app.dosu.dev/response-feedback/4a9f6644-703b-4dd8-b99c-e4e2fd7c3e04?feedback_type=incorrect_sources) | [Too Verbose](https://app.dosu.dev/response-feedback/4a9f6644-703b-4dd8-b99c-e4e2fd7c3e04?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/4a9f6644-703b-4dd8-b99c-e4e2fd7c3e04?feedback_type=hallucination) | [Bug Report](https://app.dosu.dev/response-feedback/4a9f6644-703b-4dd8-b99c-e4e2fd7c3e04?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/4a9f6644-703b-4dd8-b99c-e4e2fd7c3e04?feedback_type=other)</sup> GitHub link: https://github.com/apache/superset/discussions/33179#discussioncomment-12875815 ---- This is an automatically sent email for notifications@superset.apache.org. To unsubscribe, please send an email to: notifications-unsubscr...@superset.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
