From 07a550c0455d31540d079ce4d01736b92e8cf71d Mon Sep 17 00:00:00 2001
From: geido
Date: Wed, 14 Dec 2022 12:42:28 +0100
Subject: [PATCH 1/2] Force configuration for SafeMarkdown
---
 .../src/components/SafeMarkdown.tsx | 15 ++++++++-------
 .../components/gridComponents/Markdown.jsx | 8 --------
 2 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx b/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx
index 4db48d426533d..7ab7e71348412 100644
--- a/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx
+++ b/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx
@@ -25,15 +25,16 @@ import { FeatureFlag, isFeatureEnabled } from '../utils';
 interface SafeMarkdownProps {
 source: string;
- htmlSanitization?: boolean;
- htmlSchemaOverrides?: typeof defaultSchema;
 }
-function SafeMarkdown({
- source,
- htmlSanitization = true,
- htmlSchemaOverrides = {},
-}: SafeMarkdownProps) {
+function SafeMarkdown({ source }: SafeMarkdownProps) {
+ const appContainer = document.getElementById('app');
+ const { common } = JSON.parse(
+ appContainer?.getAttribute('data-bootstrap') || '{}',
+ );
+ const htmlSanitization: boolean = common?.conf?.HTML_SANITIZATION ?? true;
+ const htmlSchemaOverrides: typeof defaultSchema =
+ common?.conf?.HTML_SANITIZATION_SCHEMA_EXTENSIONS || {};
 const displayHtml = isFeatureEnabled(FeatureFlag.DISPLAY_MARKDOWN_HTML);
 const escapeHtml = isFeatureEnabled(FeatureFlag.ESCAPE_MARKDOWN_HTML);
diff --git a/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx b/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx
index d4a4f7790b096..79fccfadc9761 100644
--- a/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx
+++ b/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx
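Review bot: The fallback in `const htmlSanitization: boolean = common?.conf?.HTML_SANITIZATION ?? true;` only covers a missing key, so any other value in the bootstrap payload is taken as-is, and the `: boolean` annotation is unchecked because `JSON.parse` returns `any`. Going by its name this flag decides whether HTML in rendered markdown is sanitized, so it is safer to fail closed and treat only an explicit `false` as off: `const htmlSanitization = common?.conf?.HTML_SANITIZATION !== false;`. The same lines are added to HandlebarsViewer.tsx at `@@ -34,6 +34,13 @@` in PATCH 2/2. How the flag is consumed lies outside this hunk, so whether a falsy non-boolean value would actually switch sanitization off is an inference, not something the hunk shows.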
@@ -65,10 +65,6 @@ const propTypes = {
 deleteComponent: PropTypes.func.isRequired,
 handleComponentDrop: PropTypes.func.isRequired,
 updateComponents: PropTypes.func.isRequired,
-
- // HTML sanitization
- htmlSanitization: PropTypes.bool,
- htmlSchemaOverrides: PropTypes.object,
 };
 const defaultProps = {};
@@ -269,8 +265,6 @@ class Markdown extends React.PureComponent {
 ? MARKDOWN_ERROR_MESSAGE
 : this.state.markdownSource || MARKDOWN_PLACE_HOLDER
 }
- htmlSanitization={this.props.htmlSanitization}
- htmlSchemaOverrides={this.props.htmlSchemaOverrides}
 />
 );
 }
@@ -379,8 +373,6 @@ function mapStateToProps(state) {
 return {
 undoLength: state.dashboardLayout.past.length,
 redoLength: state.dashboardLayout.future.length,
- htmlSanitization: state.common.conf.HTML_SANITIZATION,
- htmlSchemaOverrides: state.common.conf.HTML_SANITIZATION_SCHEMA_EXTENSIONS,
 };
 }
 export default connect(mapStateToProps)(Markdown);
From a63d5d431111f26e558a790b17d3c22c56d8f762 Mon Sep 17 00:00:00 2001
From: geido
Date: Wed, 14 Dec 2022 18:48:44 +0100
Subject: [PATCH 2/2] Move to Handlebars
---
 .../src/components/SafeMarkdown.tsx | 15 +++++++--------
 .../components/Handlebars/HandlebarsViewer.tsx | 15 ++++++++++++++-
 .../components/gridComponents/Markdown.jsx | 8 ++++++++
 3 files changed, 29 insertions(+), 9 deletions(-)
diff --git a/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx b/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx
index 7ab7e71348412..4db48d426533d 100644
--- a/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx
+++ b/superset-frontend/packages/superset-ui-core/src/components/SafeMarkdown.tsx
@@ -25,16 +25,15 @@ import { FeatureFlag, isFeatureEnabled } from '../utils';
 interface SafeMarkdownProps {
 source: string;
+ htmlSanitization?: boolean;
+ htmlSchemaOverrides?: typeof defaultSchema;
 }
-function SafeMarkdown({ source }: SafeMarkdownProps) {
- const appContainer = document.getElementById('app');
- const { common } = JSON.parse(
- appContainer?.getAttribute('data-bootstrap') || '{}',
- );
- const htmlSanitization: boolean = common?.conf?.HTML_SANITIZATION ?? true;
- const htmlSchemaOverrides: typeof defaultSchema =
- common?.conf?.HTML_SANITIZATION_SCHEMA_EXTENSIONS || {};
+function SafeMarkdown({
+ source,
+ htmlSanitization = true,
+ htmlSchemaOverrides = {},
+}: SafeMarkdownProps) {
 const displayHtml = isFeatureEnabled(FeatureFlag.DISPLAY_MARKDOWN_HTML);
 const escapeHtml = isFeatureEnabled(FeatureFlag.ESCAPE_MARKDOWN_HTML);
diff --git a/superset-frontend/plugins/plugin-chart-handlebars/src/components/Handlebars/HandlebarsViewer.tsx b/superset-frontend/plugins/plugin-chart-handlebars/src/components/Handlebars/HandlebarsViewer.tsx
index 77ebe65a8043f..479da8ac91b65 100644
--- a/superset-frontend/plugins/plugin-chart-handlebars/src/components/Handlebars/HandlebarsViewer.tsx
+++ b/superset-frontend/plugins/plugin-chart-handlebars/src/components/Handlebars/HandlebarsViewer.tsx
@@ -34,6 +34,13 @@ export const HandlebarsViewer = ({
 }: HandlebarsViewerProps) => {
 const [renderedTemplate, setRenderedTemplate] = useState('');
 const [error, setError] = useState('');
+ const appContainer = document.getElementById('app');
+ const { common } = JSON.parse(
+ appContainer?.getAttribute('data-bootstrap') || '{}',
+ );
+ const htmlSanitization = common?.conf?.HTML_SANITIZATION ?? true;
+ const htmlSchemaOverrides =
+ common?.conf?.HTML_SANITIZATION_SCHEMA_EXTENSIONS || {};
 useMemo(() => {
 try {
@@ -56,7 +63,13 @@ export const HandlebarsViewer = ({ } if (renderedTemplate) { - return ; + return ( + + ); } return
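Review bot: The `htmlSanitization` and `htmlSchemaOverrides` props return to `SafeMarkdownProps` without any comment on where their values are expected to come from, so nothing on the interface tells a later caller that these are security settings rather than display options. I would add TSDoc on both fields, for example `/** Turn off only when the server's HTML_SANITIZATION setting is false; defaults to true. */` and `/** Additions to the sanitizer's default schema, taken from HTML_SANITIZATION_SCHEMA_EXTENSIONS. */`. The body of SafeMarkdown that consumes them is outside this hunk, so the wording should be checked against how the schema is actually applied.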
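Review bot: The bootstrap lookup added at the top of `HandlebarsViewer` (`@@ -34,6 +34,13 @@`) runs `document.getElementById` and `JSON.parse` on every render, and the parse is unguarded, so a malformed `data-bootstrap` attribute would throw during render instead of falling back to the sanitizing defaults. Reading the config once inside `useMemo` with an empty dependency list, and returning sanitization on with an empty schema extension when parsing fails, keeps the component rendering in its safe configuration. The component body continues past this hunk, and the next hunk, which presumably passes these values on, has lost its JSX on this page and cannot be checked.

```typescript
  const [error, setError] = useState('');
  const { htmlSanitization, htmlSchemaOverrides } = useMemo(() => {
    try {
      const raw = document
        .getElementById('app')
        ?.getAttribute('data-bootstrap');
      const conf = JSON.parse(raw || '{}')?.common?.conf;
      return {
        // Only an explicit `false` from the server turns sanitization off.
        htmlSanitization: conf?.HTML_SANITIZATION !== false,
        htmlSchemaOverrides: conf?.HTML_SANITIZATION_SCHEMA_EXTENSIONS || {},
      };
    } catch {
      // Malformed bootstrap data: keep sanitization on with the default schema.
      return { htmlSanitization: true, htmlSchemaOverrides: {} };
    }
  }, []);
  // … unchanged: template-rendering useMemo and error handling …
```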

Loading...

; };
diff --git a/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx b/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx
index 79fccfadc9761..d4a4f7790b096 100644
--- a/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx
+++ b/superset-frontend/src/dashboard/components/gridComponents/Markdown.jsx
@@ -65,6 +65,10 @@ const propTypes = {
 deleteComponent: PropTypes.func.isRequired,
 handleComponentDrop: PropTypes.func.isRequired,
 updateComponents: PropTypes.func.isRequired,
+
+ // HTML sanitization
+ htmlSanitization: PropTypes.bool,
+ htmlSchemaOverrides: PropTypes.object,
 };
 const defaultProps = {};
@@ -265,6 +269,8 @@ class Markdown extends React.PureComponent {
 ? MARKDOWN_ERROR_MESSAGE
 : this.state.markdownSource || MARKDOWN_PLACE_HOLDER
 }
+ htmlSanitization={this.props.htmlSanitization}
+ htmlSchemaOverrides={this.props.htmlSchemaOverrides}
 />
 );
 }
@@ -373,6 +379,8 @@ function mapStateToProps(state) {
 return {
 undoLength: state.dashboardLayout.past.length,
 redoLength: state.dashboardLayout.future.length,
+ htmlSanitization: state.common.conf.HTML_SANITIZATION,
+ htmlSchemaOverrides: state.common.conf.HTML_SANITIZATION_SCHEMA_EXTENSIONS,
 };
 }
 export default connect(mapStateToProps)(Markdown);
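Review bot: With `htmlSanitization: state.common.conf.HTML_SANITIZATION` in `mapStateToProps` (`@@ -373,6 +379,8 @@`), the dashboard Markdown component takes the sanitization settings from Redux state while HandlebarsViewer.tsx in this same patch takes them from the `data-bootstrap` attribute, so one security setting now has two lookup paths that can drift apart. A shared helper used by both callers would keep them in step; failing that, a comment such as `// Keep in sync with the HTML_SANITIZATION lookup in HandlebarsViewer.tsx` above the two added lines records the coupling. The chain is also dereferenced without the `?.` guards used in HandlebarsViewer, which is fine only if `state.common.conf` is always populated here; that is not visible in the hunk.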