Hi! I want to add CartoDB maps to my dashboard. I have the iframe code to embed it, but have no idea how to added it to my dashboard. Please, help
This site is in read only mode. Please continue to browse, but replying, likes,
and other actions are disabled for now.
arikfr
2
You can try pasting the iframe embed code in a dashboard text box widget. If it doesn’t show up, it means <iframe> is one of the tags we filter, and you will need to update the code to make it work or disable HTML sanitization. Disabling HTML sanitization might be dangerous depends on who you let access your Redash.
Hello @arikfr, I’m sorry to make this old discussion alive again, but I would like, like @dulce.ambrocio, to include a dynamic map in an embed or iframe tag.
I search over the git repo to find where html sanitization is set but I can’t find it
Could you tel me where to search more precisely ?
Thanks a lot.
1 Like
agnoldo
4
+1 here! I’d love to use some Google Charts visualizations (or from any other source) and using iframes would be a viable solution but I couldn’t enable them on Redash self-hosted…
Thanks in advance.
Hey 
I tried adding REDASH_ALLOW_SCRIPTS_IN_USER_INPUT to the ENV file and run the command docker-compose up -d in order to make use of the updated env file.
But Redash is still escaping the iframe i entered in the text box widget. Any clues on how to make it work? 
jesse
6
I looked into this. Redash uses ngSantize on user inputs.
The whitelist for URL sanitization of attribute values is configured using the functions
aHrefSanitizationWhitelistandimgSrcSanitizationWhitelistof$compileProvider.
I think you can override this by making changes to redash/app/client/services/ng.js (link).
Note
We’re migrating away from Angular to React. So this procedure is guaranteed to change once that happens. Just something to keep in mind prior to a future upgrade.
1 Like
Tried with REDASH_ALLOW_SCRIPTS_IN_USER_INPUT, and it is still not possible to embed an iframe.