fix(config.py): reset HTML_SANITIZATION to True by default (#35603)

2026-04-17 07:05:04 +00:00 · 2025-10-15 19:03:51 +00:00
parent 78907d08cd
commit 09772eeda0
1 changed files with 1 additions and 1 deletions
--- a/superset/config.py
+++ b/superset/config.py
@@ -972,7 +972,7 @@ CORS_OPTIONS: dict[Any, Any] = {
 # Disabling this option is not recommended for security reasons. If you wish to allow
 # valid safe elements that are not included in the default sanitization schema, use the
 # HTML_SANITIZATION_SCHEMA_EXTENSIONS configuration.
-HTML_SANITIZATION = False
+HTML_SANITIZATION = True

 # Use this configuration to extend the HTML sanitization schema.
 # By default we use the GitHub schema defined in