GitHub user dosubot[bot] added a comment to the discussion: Superset V6.0 - Table chart now longer shows bold text with HTML <b> tag in columns
This change is due to stricter HTML sanitization introduced in Superset 5.0 and continued in 6.0 to improve security and prevent XSS vulnerabilities. As a result, HTML tags like `<b>` are now escaped and displayed as plain text rather than rendered as HTML, even if "Render columns in HTML format" is enabled. This is an intentional security feature, not a bug. If you need to allow specific HTML tags (like `<b>`), you can configure the `HTML_SANITIZATION_SCHEMA_EXTENSIONS` setting in your Superset config to permit them, but be aware of the security implications before doing so. More details are discussed in [this issue](https://github.com/apache/superset/issues/35182).
GitHub link: https://github.com/apache/superset/discussions/36799#discussioncomment-15321695
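The trade-off the comment describes, escaping every tag versus permitting a named few, shown as an added example that is not part of the original comment and is not Superset's code. `AllowlistSanitizer` and `sanitize` are hypothetical names, the sample cell values are constructed, and the example does not read `HTML_SANITIZATION_SCHEMA_EXTENSIONS`; it only illustrates why an allowlist of bare tag names is narrower than one that also admits attributes.

```python
from html import escape
from html.parser import HTMLParser


class AllowlistSanitizer(HTMLParser):
    """Escape all markup except attribute-free tags named in `allowed`."""

    def __init__(self, allowed=()):
        super().__init__(convert_charrefs=True)
        self.allowed = frozenset(t.lower() for t in allowed)
        self.out = []    # sanitized output fragments
        self.open = []   # allowed tags currently open, so output stays balanced

    def handle_starttag(self, tag, attrs):
        if tag in self.allowed and not attrs:
            self.open.append(tag)
            self.out.append(f"<{tag}>")
        else:
            # Not allowlisted, or carries attributes (style, on* handlers): show as text.
            self.out.append(escape(self.get_starttag_text()))

    def handle_startendtag(self, tag, attrs):
        self.out.append(escape(self.get_starttag_text()))

    def handle_endtag(self, tag):
        if self.open and self.open[-1] == tag:
            self.open.pop()
            self.out.append(f"</{tag}>")
        else:
            self.out.append(escape(f"</{tag}>"))

    def handle_data(self, data):
        self.out.append(escape(data))

    def handle_comment(self, data):
        self.out.append(escape(f"<!--{data}-->"))

    def handle_decl(self, decl):
        self.out.append(escape(f"<!{decl}>"))

    def handle_pi(self, data):
        self.out.append(escape(f"<?{data}>"))


def sanitize(cell, allowed=()):
    """Return `cell` with only the allowlisted bare tags left as markup."""
    parser = AllowlistSanitizer(allowed)
    parser.feed(cell)
    parser.close()
    return "".join(parser.out + [f"</{t}>" for t in reversed(parser.open)])
```

With an empty allowlist every tag is shown as text, which matches the behaviour the comment reports; adding `b` re-enables bold only when the tag carries no attributes.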
