[security] prevent XSS markup viz (#3211)

* Prevent XSS in Markup viz We protect the browser by sandboxing the user code inside an iframe * Helvetica
2026-04-17 07:05:04 +00:00 · 2017-08-10 21:38:33 -07:00
parent bd4a4c2753
commit 0c5db55d55
6 changed files with 49 additions and 20 deletions
--- a/superset/assets/javascripts/explore/components/controls/TextAreaControl.jsx
+++ b/superset/assets/javascripts/explore/components/controls/TextAreaControl.jsx
@@ -76,7 +76,7 @@ export default class TextAreaControl extends React.Component {
          modalTitle={controlHeader}
          triggerNode={
            <Button bsSize="small" className="m-t-5">
-              Edit <b>{this.props.language}</b> in modal
+              Edit <strong>{this.props.language}</strong> in modal
            </Button>
          }
          modalBody={this.renderEditor(true)}