
3 Commits

Author SHA1 Message Date
Đỗ Trọng Hải
f4df5a15e1 Merge branch 'master' into fix/sanitize-client-error-message-when-shown-as-html-content 2026-07-05 11:58:30 +07:00
hainenber
74f815d09c fix: sanitize without probable check for HTML string
Signed-off-by: hainenber <dotronghai96@gmail.com>
2026-07-04 15:27:24 +07:00
hainenber
d250eacaee fix(frontend/setup): sanitize returned client error message when shown as HTML content
Signed-off-by: hainenber <dotronghai96@gmail.com>
2026-07-04 14:56:04 +07:00


@@ -22,6 +22,7 @@ import {
SupersetClient,
getClientErrorObject,
ClientErrorObject,
sanitizeHtml,
} from '@superset-ui/core';
import setupErrorMessages from 'src/setup/setupErrorMessages';
@@ -41,7 +42,7 @@ function showApiMessage(resp: ClientErrorObject) {
const severity = resp.severity || 'info';
$(template)
.addClass(`alert-${severity}`)
.append(resp.message || '')
.append(sanitizeHtml(resp.message || ''))
.appendTo($('#alert-container'));
}
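Review bot: In the second hunk, `.append(sanitizeHtml(resp.message || ''))` still hands a string to jQuery's `.append()`, which parses it as HTML, so whatever markup the sanitizer's allowlist lets through is rendered straight from the API response. If these alerts are meant to be plain text, appending a text node avoids HTML parsing altogether: `.append(document.createTextNode(resp.message || ''))`. If markup in messages is intentional, a comment on that line should say so, e.g. `// message may carry server-provided markup; sanitized before jQuery parses it as HTML`. A unit test that passes a message containing a script-bearing tag and asserts it does not end up in `#alert-container` would pin the fix. showApiMessage begins above the hunk, so how `template` is built is not visible here.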