* [sql lab] disable cross schema search
This is killing our metastore: as people type, it emits a large
all-table-dump as they hit the keystroke. It never returns, as it times
out and hammers the poor metastore.
Also some improvements around disabling the table select on the left
panel and having the table name not be sticky.
* typo
* Adding option to visualize negative values in Table view
* Adding option for highlighting and right aligning
* Fixed typo
* Fixed case and condition
* Formatting
* Aligning left and default changes
* Changing default
* [Explore] Save url parameters when user saves slices
* remove print
(cherry picked from commit bd9ecbe)
* add unit test
(cherry picked from commit 0f350ad)
* wrapping all request params into url_params
(cherry picked from commit 17197c1)
* adding refresh chart overlay when chart is out of sync with control panel
* fading the visualization when stale
* addressing comments from team on layout of UI
* Introduce an onInit method for when a new viz_type is selected
This allows for clearing certain controls where/when needed. For
instance here, when loading deck_scatter, even if there was a time
granularity picked for the previous viz_type, we want to unselect it.
* making it functional
* Add to history on instant control change
* Update latestQueryFormData on render triggered
* Add new message type
* Update latestQueryFormData in UPDATE_QUERY_FORM_DATA
Moving to a grid that is 4 times more granular. 48 columns.
Shipping a db migration script which will upgrade the position metadata
to reflect this change.
Also adapting the examples to the new grid parameters.
* [Explore view] Use POST method for charting requests
* fix per code review comments
* more code review fixes
* code review fix: remove duplicated calls for getting values from request
* [Explore view] Use POST method for charting requests
* fix per code review comments
* more code review fixes
* code review fix: remove duplicated calls for getting values from request
* [geo] introduce "Auto Zoom" control
On geospatial visualization, checking the "Auto Zoom" control makes it
such that the viewport is fitted to the data upon rendering the chart.
For dashboards with region filters, the map should jump to the right
position.
Eventually we should enhance this to fly and ease to the position in an
animated way.
* Added TODO notes
* Switched yaml.load to yaml.safe_load to prevent code execution via crafted yaml files
Python's yaml.load can lead to code execution via crafted yaml files such as:
```
code_exec: !!python/object/apply:subprocess.check_output ['ls']
```
* Fixed XSS via bleach
It was possible to get an XSS via the markdown library by simply setting a description containing arbitrary HTML tags.
It was also possible to create links that went to the `javascript:` link handler (e.g. `[example](javascript:alert(0))`)
Using bleach to sanitize it solves both of these.
* Added XFO header by default to prevent clickjacking attacks
Note that with this application clickjacking can be relatively severe via the SQLLab functionality
which allows executing arbitrary SQL.
* Added justification for dangerouslySetInnerHTML
* Fixed linting errors
* Fixed linting errors
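The effect of the yaml.safe_load change listed above, as an added example (not code from these commits or from Superset): `yaml.safe_load` refuses the `python/object/apply` tag from the quoted payload, and `yaml.parse` can report such tags without constructing any object. The sample documents and the function names `python_tags` and `load_untrusted` are constructed for illustration, and PyYAML is assumed to be installed.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample inputs. CRAFTED is the payload quoted in the commit message.
BENIGN = "databases:\n  - database_name: main\n    tables: [logs, users]\n"
CRAFTED = "code_exec: !!python/object/apply:subprocess.check_output ['ls']\n"

# The "!!" handle expands to "tag:yaml.org,2002:", so Python-specific tags
# all share this prefix once parsed.
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"


def python_tags(text):
    """List Python-specific tags in a document without constructing any object.

    yaml.parse() only scans and parses into events; it never calls a
    constructor, so it can be run on untrusted input for logging or alerting.
    """
    tags = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)  # alias/stream events carry no tag
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            tags.append(tag)
    return tags


def load_untrusted(text):
    """Return (data, None) on success or (None, reason) when the loader refuses."""
    try:
        return yaml.safe_load(text), None
    except ConstructorError as exc:
        # SafeLoader has no constructor registered for python/* tags, so it
        # raises here instead of importing a module and calling a function.
        return None, exc.problem


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("crafted", CRAFTED)):
        data, reason = load_untrusted(doc)
        print(name, "tags:", python_tags(doc), "data:", data, "refused:", reason)
```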
Druid sometimes returns error messages that are contained in "<>", as in
`<urlopen error [Errno 61] Connection refused>`. Since Superset's
approach is often to bubble up messages coming from external libraries,
it's impossible to predict whether they will contain special characters.
There are some cases where our error handling does return some html
(presto?),
but we should manage that upstream. Plus the current setup has security concerns,
so let's move away from that.
* Update installation.rst for Ubuntu 16.04 LTS
Ubuntu 16.04 by default installs python2.7 alongside python 3.5 and sets python2.7 as default. If you have created a virtualenv with python3.5, compilation fails due to the wrong python-dev library being installed.
If you install ``python3.5-dev`` the build for the wheel package of ``cryptography`` runs fine.
* Add options in D3_TIME_FORMAT_OPTIONS for non-English Time Format.
Added '%d/%m/%Y' and '%d/%m/%Y %H:%M:%S' as valid drop-down option for Axis Format
Moving from having the user define an interceptor function that operates
on one object at a time.
By passing the entire array, it's possible to do multiple passes where
needed. A common pattern might be to figure out the max value in order
to define a scaler function. That's only possible if dealing with the
whole array.