Replies: 1 comment
Superset enforces a strict Content Security Policy (CSP) that blocks most inline JavaScript, including event handlers like `onclick` and `<script>` tags from user content, even if you add a nonce. This is intentional for security reasons and not a misconfiguration. Only scripts with a valid nonce generated by the backend (using the Jinja macro `csp_nonce()`) can run, and even then, user-supplied HTML is sanitized to remove scripts and event handlers to prevent XSS attacks. So, adding JS functions like `onClick` directly in your Handlebars template or HTML won't work in Superset by design (docs). If you need interactive behavior, you’ll need to implement it in a custom Superset plugin or extension, not via inline scripts or HTML in dashboards.
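Added example (not from the thread and not Superset's code): a simplified model of how a browser decides whether inline JavaScript may run under a nonce-based CSP, showing why a nonce can admit a `<script>` element but never an `onclick` attribute. The policy string and nonce are constructed sample values, not Superset's actual configuration, and hash sources are not modeled.

```javascript
// Simplified CSP Level 3 inline-script check (added example, not Superset code).
// Constructed sample policy and nonce; hash matching is not modeled.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' 'strict-dynamic' 'nonce-r4nd0m'";

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Per the CSP spec, the first occurrence of a directive wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

const isNonceOrHash = (s) => /^'(nonce|sha256|sha384|sha512)-/i.test(s);

// kind:  'script-element' for <script>, 'event-handler' for onclick="..." etc.
// nonce: value of the element's nonce attribute, if it has one.
function inlineAllowed(header, kind, nonce) {
  const policy = parseCsp(header);
  // Fallback chains defined by CSP3 for the two kinds of inline script.
  const chain = kind === 'event-handler'
    ? ['script-src-attr', 'script-src', 'default-src']
    : ['script-src-elem', 'script-src', 'default-src'];
  const directive = chain.find((d) => d in policy);
  if (!directive) return true; // no governing directive: CSP does not restrict it
  const sources = policy[directive];

  // A nonce can only match a <script> element, never an attribute handler.
  if (kind === 'script-element' && nonce &&
      sources.includes(`'nonce-${nonce}'`)) {
    return true;
  }
  // 'unsafe-inline' is ignored once a nonce, hash or 'strict-dynamic' is listed.
  const lower = sources.map((s) => s.toLowerCase());
  const overridden =
    sources.some(isNonceOrHash) || lower.includes("'strict-dynamic'");
  return lower.includes("'unsafe-inline'") && !overridden;
}
```

Under the sample policy, a `<script>` carrying the backend's nonce is allowed, while the same nonce placed on an element with `onclick` changes nothing, because attribute handlers are only ever admitted by `'unsafe-inline'` (or hashes with `'unsafe-hashes'`).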
```handlebars
<div class="data-container" onclick="console.log('Hello')" data-action="view-details">
  Date Range:
  {{stringify data.[0].order_date}} - {{stringify data.[0].next_date}}
  Previous Average:
  {{stringify data.[1].current_order}}
</div>
```

This code was working halfway; only HTML and CSS work.

How can I add JS functions such as onClick?