Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[security] prevent XSS markup viz #3211

Merged
merged 2 commits into from
Aug 11, 2017
Merged

[security] prevent XSS markup viz #3211

merged 2 commits into from
Aug 11, 2017

Conversation

mistercrunch
Copy link
Member

This works but the CSS styling doesn't carry through. Would have to refactor the theme's CSS out of the javascript build and reference it in the iframe to make it work.

@coveralls
Copy link

coveralls commented Aug 1, 2017
edited
Loading

Coverage Status

Coverage remained the same at 69.349% when pulling 8bfc8251402cd722ae202e0844ba9c13b283af45 on mistercrunch:sandbox_markup into 299e9ce on apache:master.

1 similar comment
@coveralls
Copy link

Coverage Status

Coverage remained the same at 69.349% when pulling 8bfc8251402cd722ae202e0844ba9c13b283af45 on mistercrunch:sandbox_markup into 299e9ce on apache:master.

@mistercrunch
Copy link
Member Author

#3262 should unblock this effort

@coveralls
Copy link

coveralls commented Aug 9, 2017
edited
Loading

Coverage Status

Coverage increased (+0.03%) to 69.335% when pulling 26fcfa3919c96a80d48ea11615b42a74cbe87460 on mistercrunch:sandbox_markup into 327c052 on apache:master.

@mistercrunch mistercrunch changed the title [WiP] prevent XSS markup viz [security] prevent XSS markup viz Aug 10, 2017
@mistercrunch
Copy link
Member Author

The only issue left is somewhere around our custom font "Roboto" not working in iframes. Can we helvetica?

mistercrunch and others added 2 commits August 10, 2017 21:03
@mistercrunch
Prevent XSS in Markup viz
544d2ed 
We protect the browser by sandboxing the user code inside an iframe
@mistercrunch
Helvetica
1b3d135
@coveralls
Copy link

coveralls commented Aug 11, 2017
edited
Loading

Coverage Status

Coverage increased (+0.1%) to 69.387% when pulling 1b3d135 on mistercrunch:sandbox_markup into bd4a4c2 on apache:master.

@mistercrunch mistercrunch merged commit 0c5db55 into apache:master Aug 11, 2017
@mistercrunch mistercrunch deleted the sandbox_markup branch August 11, 2017 04:38
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.19.1 labels Feb 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.19.1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mistercrunch @coveralls