chore: Reduce and restrict innerHTML use

[rusackas]

SUMMARY

innerHTML is gross... this PR adds linting rules to restrict use of this method, and replaces or annotates existing usage.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

There are a few plugins that were touched that need testing:

• Chord
• Heatmap
• NVD3

Dynamic plugins have their web URL bundle sanitized... this should work, but if not, very few people will be affected since this is an Alpha feature.

Icon file paths are also being sanitized - we should check for these in general, though it seems things should work.

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[rusackas]

this can be used for images, or anywhere else we need to process a file path.

[rusackas]

This can be used to sanitize urls to remove evil content

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (d2adc85) 69.19% compared to head (7c65fc7) 69.18%.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #26214      +/-   ##
==========================================
- Coverage   69.19%   69.18%   -0.01%     
==========================================
  Files        1945     1944       -1     
  Lines       75928    75882      -46     
  Branches     8453     8441      -12     
==========================================
- Hits        52537    52502      -35     
+ Misses      21207    21201       -6     
+ Partials     2184     2179       -5     

Flag	Coverage Δ
hive	53.68% <ø> (ø)
mysql	78.10% <ø> (+0.02%)	⬆️
postgres	78.19% <ø> (ø)
presto	53.64% <ø> (ø)
python	82.88% <ø> (-0.01%)	⬇️
sqlite	76.85% <ø> (ø)
unit	55.81% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[rusackas]

The old way is fine, but this is less icky. I'm NOT sure why this wasn't called out by eslint in any of these plugins. But, this should work fine (let's test to make sure)

[rusackas]

This'll need tests for superset-ui-core utils added if we want to bother with that approach.

[nytai]

👍 this approach looks good and should help with any future issues in this area. Not sure why the frontend build is failing. Would be good to bring up an ephemeral env to test this more thoroughly

[rusackas]

Can't bring up the ephemeral env without the build passing. Perhaps I overshot the mark here... I'll close this and open more incremental PRs to see what passes/fails.