aminghadersohi commented on code in PR #36933:
URL: https://github.com/apache/superset/pull/36933#discussion_r2911847702
##########
embed-demo.html:
##########
@@ -0,0 +1,126 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <title>Superset Embedded Chart Demo</title>
+ <style>
+ body {
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto,
sans-serif;
+ max-width: 1200px;
+ margin: 0 auto;
+ padding: 40px;
+ background: #f5f5f5;
+ }
+ h1 { color: #333; }
+ .input-section {
+ background: white;
+ border-radius: 8px;
+ padding: 20px;
+ box-shadow: 0 2px 8px rgba(0,0,0,0.1);
+ margin-bottom: 20px;
+ }
+ textarea {
+ width: 100%;
+ height: 150px;
+ font-family: monospace;
+ font-size: 12px;
+ padding: 10px;
+ border: 1px solid #ddd;
+ border-radius: 4px;
+ resize: vertical;
+ box-sizing: border-box;
+ }
+ button {
+ background: #20a7c9;
+ color: white;
+ border: none;
+ padding: 12px 24px;
+ font-size: 16px;
+ border-radius: 4px;
+ cursor: pointer;
+ margin-top: 10px;
+ }
+ button:hover {
+ background: #1a8fa8;
+ }
+ .chart-container {
+ background: white;
+ border-radius: 8px;
+ padding: 20px;
+ box-shadow: 0 2px 8px rgba(0,0,0,0.1);
+ min-height: 450px;
+ }
+ label {
+ font-weight: 600;
+ display: block;
+ margin-bottom: 8px;
+ }
+ </style>
+</head>
+<body>
+ <h1>Superset Embedded Chart Demo</h1>
+
+ <div class="input-section">
+ <label for="iframe-input">Paste iframe_html response here:</label>
+ <textarea id="iframe-input" placeholder="Paste the iframe_html value from
get_embeddable_chart response..."></textarea>
+ <button onclick="embedChart()">Embed Chart</button>
+ </div>
+
+ <div class="chart-container" id="chart-container">
+ <p style="color: #999; text-align: center; margin-top: 200px;">Chart will
appear here</p>
+ </div>
+
+ <script>
+ function embedChart() {
+ const input = document.getElementById('iframe-input').value.trim();
+ const container = document.getElementById('chart-container');
+
+ if (!input) {
+ alert('Please paste the iframe_html first');
+ return;
+ }
+
+ // Safely parse input and only allow iframe elements (prevent XSS)
+ const parser = new DOMParser();
+ const doc = parser.parseFromString(input, 'text/html');
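Review bot: The `// Safely parse input and only allow iframe elements (prevent XSS)` comment above `parser.parseFromString(input, 'text/html')` states a guarantee that the parse call alone does not give: DOMParser only builds an inert document from whatever was pasted, and the quoted lines end before any check on what that document contains. The code that follows should select the iframe from `doc`, reject input that has none, and build a fresh element with `document.createElement('iframe')`, copying only an allowlist of attributes (`src` after confirming it parses as an http(s) URL on the expected Superset origin, plus `width` and `height`) rather than moving the parsed node into `chart-container`, so that `srcdoc` and event-handler attributes never reach the live page. The inline `onclick="embedChart()"` on the button would also be better bound with `addEventListener`, so the page can be served under a Content-Security-Policy without `'unsafe-inline'`.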
Review Comment:
Fixed — `embed-demo.html` was removed in commit c7903163 to address this
CodeQL alert. The file no longer exists in the repository.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.