dosubot[bot] commented on issue #34191: URL: https://github.com/apache/superset/issues/34191#issuecomment-3079784919
<!-- Greeting --> Hi @tdclemens! I'm [Dosu](https://go.dosu.dev/dosubot) and Iām helping the superset team. <!-- Answer --> This issue is caused by the frontend HTML sanitizer in Superset 5.0.0, which does not whitelist the class or style attributes for ul, ol, or li elements. As a result, CSS classes and styles are stripped from these elements, even though your backend config allows them. This is a change introduced with the new XSS filter logic in recent versions. To fix this, you need to update the whitelist in `superset-frontend/packages/superset-ui-core/src/utils/html.tsx` to explicitly allow 'class' and 'style' attributes for ul, ol, and li. For example, add: ```js ul: ['class', 'style'], ol: ['class', 'style'], li: ['class', 'style'], ``` to the `whiteList` object alongside the existing entries for div, span, etc. This will allow your CSS classes and styles to be preserved for lists in Handlebar charts. Backend config changes alone are not sufficient because the frontend sanitizer independently strips these attributes unless whitelisted here. After making this change, rebuild the frontend and reload your charts to verify the fix. For more details, see the relevant code and discussion [here](https://github.com/apache/superset/blob/829e4d92d91ceae4b43b1ed3b063ffe45377799c/superset-frontend/packages/superset-ui-core/src/utils/html.tsx) and [here](https://github.com/apache/superset/issues/33865). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/f003bb96-ec7d-4327-980a-589ba3a750bb?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/f003bb96-ec7d-4327-980a-589ba3a750bb?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/f003bb96-ec7d-4327-980a-589ba3a750bb?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/f003bb96-ec7d-4327-980a-589ba3a750bb?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/f003bb96-ec7d-4327-980a-589ba3a750bb?feedback_type=hallucination) | [Report š](https://app.dosu.dev/response-feedback/f003bb96-ec7d-4327-980a-589ba3a750bb?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/f003bb96-ec7d-4327-980a-589ba3a750bb?feedback_type=other)</sup> [](https://go.dosu.dev/discord-bot) [! [Share on X](https://img.shields.io/badge/X-share-black)](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/issues/34191) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
