fix(Context-Menu): Fixing Context Menu for Table Chart with Html Content #33791
Conversation
![korbit-ai[bot]](https://avatars.githubusercontent.com/in/322216?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review by Korbit AI
Korbit automatically attempts to detect when you fix issues in new commits.
| Category | Issue | Status |
|---|---|---|
 |
Missing security and environment documentation ▹ view | ✅ Fix detected |
 |
Unreliable HTML Detection ▹ view | ✅ Fix detected |
Files scanned
| File Path | Reviewed |
|---|---|
| superset-frontend/plugins/plugin-chart-table/src/TableChart.tsx | ✅ |
Explore our documentation to understand the languages and file types we support and the files we ignore.
Check out our docs on how you can make Korbit work best for you and your team.
superset-frontend/plugins/plugin-chart-table/src/TableChart.tsx
Outdated
Show resolved
Hide resolved
superset-frontend/plugins/plugin-chart-table/src/TableChart.tsx
Outdated
Show resolved
Hide resolved
|
@sadpandajoe Processing your ephemeral environment request here. Action: up. More information on how to use or configure ephemeral environments |
|
@sadpandajoe Ephemeral environment spinning up at http://35.89.173.179:8080. Credentials are 'admin'/'admin'. Please allow several minutes for bootstrapping and startup. |
| const getNoResultsMessage = (filter: string) => | ||
| filter ? t('No matching records found') : t('No records found'); | ||
|
|
||
| const isHtml = (value: any): boolean => { |
There was a problem hiding this comment.
comment crafted with Claude ->
Hi @amaannawab923, thanks for working on this fix!
For handling HTML content in table cells, we already have comprehensive HTML utilities available in the codebase that should be used:
📍 HTML Utilities Location: @superset-ui/core/src/utils/html
Key functions available:
- removeHTMLTags(str) - Strips all HTML tags from a string (useful for getting plain text for context menu operations)
- sanitizeHtml(htmlString) - Safely sanitizes HTML content using XSS filtering
- isProbablyHTML(text) - Detects if a string contains valid HTML
- safeHtmlSpan(possiblyHtmlString) - Returns a safe React component for rendering HTML
The table chart already uses these utilities in superset-frontend/plugins/plugin-chart-table/src/utils/formatValue.ts:54 for sanitizing HTML content when allowRenderHtml is enabled.
For the context menu issue with HTML tags, you might want to use removeHTMLTags() to extract the plain text value for drill-down operations. This is already being done in the drill detail menu items (see
DrillDetailMenuItems.tsx:93).
Example usage:
import { removeHTMLTags } from '@superset-ui/core';
// When handling context menu for HTML cells
const plainTextValue = removeHTMLTags(htmlCellValue);
This approach ensures consistency with how HTML is handled throughout the codebase and maintains proper security sanitization.
|
Converting to draft until adjusted / ready for another round of review |
Did the changes as per recommendation @mistercrunch |
There was a problem hiding this comment.
Review by Korbit AI
Korbit automatically attempts to detect when you fix issues in new commits.
| Category | Issue | Status |
|---|---|---|
 |
Insufficient HTML Sanitization ▹ view | ✅ Fix detected |
Files scanned
| File Path | Reviewed |
|---|---|
| superset-frontend/plugins/plugin-chart-table/src/TableChart.tsx | ✅ |
Explore our documentation to understand the languages and file types we support and the files we ignore.
Check out our docs on how you can make Korbit work best for you and your team.
superset-frontend/plugins/plugin-chart-table/src/TableChart.tsx
Outdated
Show resolved
Hide resolved
| const getNoResultsMessage = (filter: string) => | ||
| filter ? t('No matching records found') : t('No records found'); | ||
|
|
||
| const sanitizeHtmlValue = (value: DataRecordValue): DataRecordValue => { |
There was a problem hiding this comment.
can't use the sanitizeHtml from the utils? Guessing this is different? does this function belongs in the utils or is it component-specific?
There was a problem hiding this comment.
Yes this is different , its about extracting value from Html Tag ->
Input :
< /a href="https://www.google.com/search?q=United Kingdom">United Kingdom</a>"
Expected Output:
United Kingdom
Sanitise Html function would just sanitise that html to remove malicious code
For now , i guess this is component specific , because it will only come to use here in Table
There was a problem hiding this comment.
I think the function name is causing confusion with html sanitisation , should probably rename it to , ExtractTextFromHtml
|
Add simple covering unit tests and I think this is mergeable! |
Done ! Added Unit tests & Thanks for the review |
|
@msyavuz why the hold? |
|
@mistercrunch The issue has a bounty assigned. We need to remove that before this get's merged. |
SUMMARY
screen-capture.45.webm
Fixes: #33771
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TESTING INSTRUCTIONS
ADDITIONAL INFORMATION