GitHub user dosubot[bot] added a comment to the discussion: Superset V6.0 - Table chart no longer shows bold text with HTML <b> tag in columns

In Superset 6.0, even if you set `HTML_SANITIZATION = False` and extend 
`HTML_SANITIZATION_SCHEMA_EXTENSIONS`, table/chart cells are still sanitized in 
the frontend using libraries like DOMPurify and rehype-sanitize. This stricter 
frontend sanitization cannot be bypassed by backend config changes, so tags 
like `<b>` are escaped and not rendered as HTML for security reasons. There is 
currently no supported way to render raw HTML (like `<b>`) in table/chart cells 
due to these enforced security measures 
([source](https://github.com/apache/superset/issues/35182), 
[source](https://github.com/apache/superset/issues/36779), 
[source](https://github.com/apache/superset/pull/36513)). 

If you need to render HTML, dashboard Markdown components may respect your 
config overrides, but table/chart cells do not. This is an intentional change 
to prevent XSS vulnerabilities.



GitHub link: 
https://github.com/apache/superset/discussions/36799#discussioncomment-15322528