"Style" attribute not rendering when allowing HTML

Hi all,

I want to display a gallery of blocks (spans) as a result of my query in a table. When I visualize the output text, I can see the style="display:inline-block;" attribute that I added to my spans or any other style attribute I would add, but as soon as I allow HTML content, my spans are not displayed in the same line and the style attributes disappear from the source code.

Any idea on how to add CSS to the HTML code?

Thank you!

It isn’t just the style attributes that are being stripped out. If you add any attributes to HTML tags being returned from your database, Redash will strip them out. I assume this has to do with safely escaping them. I’m curious if this was a design decision or instead the result of a third party front-end dependency.

Some technical details in addition to @jesse’s answer: yes, we do sanitize any user-provided HTML to avoid XSS and other attacks. Currently we use AngularJS $sanitize for this, which is quite paranoid about all this stuff, so it removes actually almost all tags and attributes. In the near future we’re going to replace it with something else (probably more configurable) and will allow more features.

Currently you can use class attribute and some common classes from Redash stylesheets (please refer to the codebase for a list):
image

2 Likes

Any updates or newer info on this ?

For whatever reason: I had a “styled” html table in a report when I was on hosted, but now I am on self hosted and any style tags are sanitized/removed.

Maybe there is a setting somewhere I am not aware of turn off sanitization ?

Hey @sBham can you share any more details about your case? There’s no enough information in your post to know what is the precise issue.