A clear and concise description of what the bug is.
How to reproduce the bug
- Create a deck.gl Scatterplot chart
- Edit Javascript Tooltip Generator. Simple example: d =>
<div>Hello</div> - Hover dot in map
- See error
Expected results
An tooltip should appear displaying the text 'Hello'.
Actual results
Error inesperado Ocurrió un error al crear la visualización: Error: Minified React error #31; visit https://reactjs.org/docs/error-decoder.html?invariant=31&args[]=EvalError%3A%20Refused%20to%20evaluate%20a%20string%20as%20JavaScript%20because%20'unsafe-eval'%20is%20not%20an%20allowed%20source%20of%20script%20in%20the%20following%20Content%20Security%20Policy%20directive%3A%20%22script-src%20'self'%20'strict-dynamic'%20'nonce-7YhSVYVgXPwTb47yYC7dn0ioWx2nmvJv'%22.%0A&args[]= for the full message or use the non-minified dev environment for full errors and additional helpful warnings.
If I use the Google Content-Security-Policy extension, this error does not occur, and the tooltip is displayed correctly, but I need a solution that doesn't involve using the Google extension.
Screenshots
Environment
(please complete the following information):
- browser type and version:
- superset version: 3.0.1
- python version: 2.7.16`
- node.js version: v16.19.0
- any feature flags active: FEATURE_FLAGS = {"ALERT_REPORTS": True, "ENABLE_JAVASCRIPT_CONTROLS":True, "DASHBOARD_RBAC":True}
Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [x] I have checked the superset logs for python stacktraces and included it here as text if there are any.
- [x] I have reproduced the issue with at least the latest released version of superset.
- [x] I have checked the issue tracker for the same issue and I haven't found one similar.
Comment From: mike-fischer1
Having same issue.
Comment From: mike-fischer1
Any progress?
Comment From: sergio-misa-imatia
No :(
I still have the same problem.
Comment From: mike-fischer1
yeah, this is still a problem. Can someone please fix
Comment From: mike-fischer1
any updates?
Comment From: dkrat7
I tested JS tooltip in the 3.1.0 release and it works. I disabled superset security features for test (Talisman, html sanitization).
Comment From: mike-fischer1
I just tested with 3.1.0 same error.
Comment From: dkrat7
It works like this:
d => '<div>Hello</div>'
https://github.com/apache/superset/assets/9586713/3d8fb415-1976-4262-b2ca-6c893730d385
Comment From: cisco90
I'm using v3.1.0 chart type DECK.GL POLYGON
on JavaScript tooltip generator
d => '<div>Hello</div>'
set HTML_SANITIZATION= false
and still not working
EDIT: in order to solve this issue I set bot
HTML_SANITIZATION = False
TALISMAN_ENABLED = False
Comment From: s33k3rs
It's fine for me in superset version: 3.1.0 or maybe in another version
- Add
"ENABLE_JAVASCRIPT_CONTROLS": Trueinto FEATURE_FLAGS in superset_config.py - Add edit "'unsafe-eval'" into TALISMAN_CONFIG in config.py
Comment From: rusackas
Based on the comment above (thanks @s33k3rs) it seems like things are working in the latest version with proper config. Calling this closed, but we can re-open if warranted, or people can create new issues with updated context. Thanks!
Comment From: salvatorecolori
Hi there, sorry for my support request. I'm trying to use javascript tooltips con deck.gl heatmap and other deck.gl chart, but it works only on scatterplot chart. Using js tooltips on deck.gl heatmap, produce an "javascript Uncaught TypeError: Cannot read properties of undefined (reading 'extraProps')". Extra fields are correctly filled in. If I copy-paste js tooltips code from Scatter to Heatmap, I receive the error. Talisman is set as FALSE.
Comment From: lgz192
Good friend, have you found a solution? I also encountered this problem in 4.1.1, the extraPropsa property does not exist in the Javascript Tooltip Generator of heatmap
Comment From: torzsmokus
2. Add edit "'unsafe-eval'" into TALISMAN_CONFIG in config.py
But this introduces a security risk, one should not blindly do that