admin管理员组

文章数量:1122846

Problem

When running a SQL query that includes an HTML <br> tag, Superset is not rendering the tag as expected. Instead, it's being stripped from the output.

Question

Is there a way to configure Superset to properly render HTML tags, specifically the <br> tag, in query results while maintaining security?

Run the following SQL query:

SELECT 'salary<=>salary<br>test' AS result;

Expected result: The output should display the exact text as it appears in the query.

Actual result: The output is displayed as "salarysalary" on a single line, with the <br> tag and subsequent text removed.

Configuration Attempted

The following configuration has been applied in a Kubernetes deployment using Helm:

FEATURE_FLAGS = {
 'ESCAPE_MARKDOWN_HTML': False,
}
HTML_SANITIZATION = True
HTML_SANITIZATION_SCHEMA_EXTENSIONS = {
 "attributes": {
     "*": ["style", "className", "class"],
 },
 "tagNames": ["br"]
}

It all was confirmed with superset shell.

from superset.app import app
print(app.config)

Additional Information

Superset is deployed on Kubernetes using Helm. The issue persists even with Talisman disabled (TALISMAN_ENABLED = False). Various combinations of HTML sanitization settings have been tried without success.

Environment:

• Superset version: 4.0.2

• Kubernetes version: 1.30

• Helm chart version: 0.12.11

• Database type: postgresql

本文标签： apache supersetHTML entities not rendering in query resultsStack Overflow