Moving to a grid that is 4 times more granular. 48 columns.
Shipping a db migration script which will upgrade the position metadata
to reflect this change.
Also adapting the examples to the new grid parameters.
* [Explore view] Use POST method for charting requests
* fix per code review comments
* more code review fixes
* code review fix: remove duplicated calls for getting values from request
* [geo] introduce "Auto Zoom" control
On geospatial visualization, checking the "Auto Zoom" control makes it
such that the viewport is fitted to the data upon rendering the chart.
For dashboards with region filters, the map should jump to the right
position.
Eventually we should enhance this to fly and ease to the position in an
animated way.
* Added TODO notes
* Switched yaml.load to yaml.safe_load to prevent code execution via crafted yaml files
Python's yaml.load can lead to code execution via crafted yaml files such as:
```
code_exec: !!python/object/apply:subprocess.check_output ['ls']
```
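An added example, not Superset's own code, showing how the fix behaves on the payload above: `yaml.safe_load` rejects the `!!python/...` tag, and the tags in a document can be listed from parser events without constructing any object. It assumes PyYAML is installed; the function names and the benign sample are constructed for illustration.

```python
import yaml
from yaml.constructor import ConstructorError

# Payload quoted in the commit message above.
CRAFTED = "code_exec: !!python/object/apply:subprocess.check_output ['ls']\n"
# Constructed benign sample, standing in for an ordinary config file.
BENIGN = "slices:\n  - name: births\n    viz_type: table\n"

# "!!" expands to this prefix; python/* tags are what the unsafe loader acts on.
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"


def python_tags(text):
    """List python-specific tags using parser events only (nothing is constructed)."""
    found = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)  # stream/document events carry no tag
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            found.append(tag)
    return found


def load_untrusted(text):
    """Parse with safe_load; return (data, error) instead of raising."""
    try:
        return yaml.safe_load(text), None
    except ConstructorError as exc:
        # safe_load has no constructor for python/* tags, so it refuses here.
        return None, exc.problem


if __name__ == "__main__":
    for label, doc in (("crafted", CRAFTED), ("benign", BENIGN)):
        data, error = load_untrusted(doc)
        print(label, "tags:", python_tags(doc))
        print(label, "data:", data, "error:", error)
```
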
* Fixed XSS via bleach
It was possible to get an XSS via the markdown library by simply setting a description containing arbitrary HTML tags.
It was also possible to create links that went to the `javascript:` link handler (e.g. `[example](javascript:alert(0))`).
Using bleach to sanitize it solves both of these.
* Added XFO header by default to prevent clickjacking attacks
Note that with this application clickjacking can be relatively severe via the SQLLab functionality
which allows executing arbitrary SQL.
* Added justification for dangerouslySetInnerHTML
* Fixed linting errors
* Fixed linting errors
Druid sometimes returns error messages that are contained in "<>", as in
`<urlopen error [Errno 61] Connection refused>`. Since Superset's
approach is often to bubble up messages coming from external libraries,
it's impossible to predict whether they will contain special characters.
There are some cases where our error handling does return some html
(presto?),
but we should manage that upstream. Plus the current setup has security concerns,
so let's move away from that.
* Update installation.rst for Ubuntu 16.04 LTS
Ubuntu 16.04 by default installs python2.7 alongside python 3.5 and sets python2.7 as the default. If you have created a virtualenv with python3.5, compilation fails due to the wrong python-dev library being installed.
If you install ``python3.5-dev``, the build for the wheel package of ``cryptography`` runs fine.
* Add options in D3_TIME_FORMAT_OPTIONS for non-English Time Format.
Added '%d/%m/%Y' and '%d/%m/%Y %H:%M:%S' as valid drop-down option for Axis Format
Moving from having the user define an interceptor function that operates
on one object at a time.
By passing the entire array, it's possible to do multiple passes where
needed. A common pattern might be to figure out the max value in order
to define a scaler function. That's only possible if dealing with the
whole array.
* Working polygon layer for deckGL
* add js controls
* add thumbnail
* better description
* refactor to leverage line_column controls
* templates: open code and documentation on a new tab (#4217)
As they are external resources.
* Fix tutorial doesn't match the current interface #4138 (#4215)
* [bugfix] markup and iframe viz raise 'Empty query' (#4225)
closes https://github.com/apache/incubator-superset/issues/4222
Related to: https://github.com/apache/incubator-superset/pull/4016
* [bugfix] time_pivot entry got missing in merge conflict (#4221)
PR here https://github.com/apache/incubator-superset/pull/3518 missed a
line of code while merging conflicts with time_pivot viz
* Improve deck.gl GeoJSON visualization (#4220)
* Improve geoJSON
* Addressing comments
* lint
* refactor to leverage line_column controls
* refactor to use DeckPathViz
* oops
* Using JS to customize spatial viz and tooltips
* Add missing deck_multi.png
* Improve GeoJSON layer with JS support and extra controls
* Addressing comments
* Make Welcome page into a simple React app
This removes a dependency on datatables, we should be able to get rid
of it as we re-write the Table and PivotTable viz
* tests/lint
* Bump node version to latest
* added deckgl geojson layer
* linting
* fixed comments
* addressed comments
* added override with controls.color_picker > 0
* set var properly
* set colors if property doesn't exist at all
* refactor on property mapping
* Introduce Javascript controls
This allows power-users to perform intricate transformations on data and
objects using javascript code.
The operations allowed are "sandboxed" or limited using node's vm
`runInNewContext`
https://nodejs.org/api/vm.html#vm_vm_runinnewcontext_code_sandbox_options
For now I'm only enabling in the line chart visualization, but the plan
would be to go towards offering more power to people who can write some
JS moving forward.
* Not applied
* Adding full Annotation Framework
* Viz types
* Re organizing native annotations
* linting
* Bug fix
* Handle no data
* Cleanup
* Refactor slice form_data to data
For context, the viewport gets updated dynamically from the user
actions on the map. This is done on a timer every second or so to keep
the form data updated with the viewport settings.
With renderTrigger=true on that control that generates re-renders which
introduces glitches while zooming/panning. So turning it off as we don't
really expect users to input viewport info directly in the control
anyways.