Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-07 Thread Treesak, Yanisa (Agoda)
Hi everyone, I hope this email finds you well. I wanted to reach out to propose an idea for enhancing Superset SQLLab's functionality. Currently, the platform renders any HTML command in the result table, which can sometimes obscure the full HTML in the request body. To address this, I suggest

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Beto Dealmeida
Do we have a SIP written for this? (see https://github.com/apache/superset/issues/5602 for context) Also, did you consider having some kind of macro that would indicate to the frontend that the result should be rendered as HTML? For example, this: ``` SELECT product, {{ render_html('product_u

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Michael S. Molina
Hi Yanisa, Thank you for the proposal. As Beto mentioned, the best way to introduce new features to Superset is through the SIP process where we can collectively collaborate on the proposal. I bet that during the SIP review we’ll have many questions about the security implications of the propos

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Evan Rusackas
Hi all, I’d spoken to Yanisa about this previously. This change was on their list, and I had advised them that this change might be fine with lazy consensus, but if there’s controversy, they could elevate it to a SIP. My impression was that it’s not a big significant architectural change or s

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Evan Rusackas
It may also be worth noting that the current HTML rendering in SQL Lab (which can’t be disabled by the user) respects Talisman configs, so it can strip out the usual XSS concerns. Evan Rusackas On Mar 8, 2024 at 9:09 AM -0700, Evan Rusackas wrote: > Hi all, > > I’d spoken to Yanisa about this

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Beto Dealmeida
Right, I'm not worried about security issues, since we already do this by default and the current behavior can cause problems like stripping XML tags from a string response! (To see what I mean, just run ``` SELECT 'hello' AS xml; ``` in SQL Lab.) I was just wondering if people had different

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Michael S. Molina
It looks like I misunderstood the proposal. I was under the impression that we wanted to render the Google page inside SQL Lab but the proposal is just to switch the rendering of the result as HTML or plain text. If I understood correctly this time, then I have no objections. Best regards, Micha

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Evan Rusackas
On a related note, I just came across this old issue requesting such a feature. I’m going to move it to a Discussion since it’s not a bug, and we can close it out if/when this feature expands beyond SQL Lab. Feel free to add comments if you feel it’s warranted: https://github.com/apache/superset

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-08 Thread Maxime Beauchemin
A github discussion (as opposed to a SIP) may be sufficient here, but open to either. Clearly there's lots to talk about around the topic of supporting html. I did some work around bringing in more support and consistent support across the board in the past, mostly for links (``) in various table v

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-13 Thread Evan Rusackas
Hi all, I think we’re all caught up and on the same page here now. In short: • HTML would be rendered by default • This switch would effectively disable the rendering If that’s all it does, it sounds like there are no objections. Maybe it was just a matter of wording, where it would be “Add opt

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-14 Thread Carlos Alonso Vega
Hi all, Hope it is not late to add an opinion. In our case HTML rendering is mandatory in charts and dashboards. Maybe in SQL Lab could be optional or disabled (it could make sense to see actual data for debugging queries, and rendered result could not be so necessary at that level.) We show r

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-14 Thread Evan Rusackas
Indeed, I understand that the proposal is to render HTML by default (as it is today) and optionally disable it. This would mean it’s non-breaking, and adds functionality rather than removing it. Evan Rusackas On Mar 14, 2024 at 2:28 AM -0600, Carlos Alonso Vega wrote: > Hi all, > > Hope it i

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-16 Thread Elizabeth Thompson
This feature will be really helpful. Since the functionality applies to the sql results lower down the page, would it make sense to put the toggle in the popover controls where the parameters, etc selections are? > On Mar 14, 2024, at 2:50 PM, Evan Rusackas wrote: > > Indeed, I understand tha

Re: Lazy Consensus Proposal: Enable option for render HTML on Superset SQL Lab's result table

2024-03-20 Thread Treesak, Yanisa (Agoda)
This feature will be really helpful.