You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#480 introduced text sanitization, which makes perfect sense in the default case (especially for values coming from APIs).
Sometimes however one would explicitly want to do that while ensuring it is safe, which includes setting "static" column names, descriptions, ... For example, adding a little info-icon to the column name showing some tooltip is currently not possible:
Good point, I would expect the user to simply see the HTML-string, i.e. when I mark a column as unsafe I am also responsible for disabling the rename (if I want that). If a user adds renames an unsafe column to something containing HTML, it should "execute" that I suppose. That's just my very first idea, I am open to suggestions.
#480 introduced text sanitization, which makes perfect sense in the default case (especially for values coming from APIs).
Sometimes however one would explicitly want to do that while ensuring it is safe, which includes setting "static" column names, descriptions, ... For example, adding a little info-icon to the column name showing some tooltip is currently not possible:
![image](https://user-images.githubusercontent.com/51900829/151113368-025d2bb7-962e-4844-9425-43ab55bfc0dd.png)
User story
We want to show additional HTML in the column headers (and only the headers, not values, etc. for now). The relevant lines were introduced here: https://github.com/lineupjs/lineupjs/pull/480/files#diff-405214671f4c41381345a91ca70d7dd417bbec1bbcb6db6cdd2406e3268114eaR35-R43
Would it be possible to add an
unsafeLabel
orhtmlLabel
property/flag to the column description to explicitly allow HTML (default should remain safe)?The text was updated successfully, but these errors were encountered: