HTML Sanitization

On this Page
Docs Menu

HTML sanitization is on by default and can't be edited. If you need greater control, please contact Looker Support to discuss enabling the following features.

Allowed HTML Tags

By default, the following tags will be rendered in the browser:

a, img, div, p, li, p, br, font, ul, ol, table, tr, td, strong, em, i, b, u

Any other tags will be stripped from rendered html.

For instance, the following html:

<div class="pretty"><badtag></badtag></div>

will be rendered as:

<div class="pretty"></div>

Allowed HTML Attributes

By default the following attributes will be rendered in the browser:

href, src, height, width, target, align, style

Any other attributes will be stripped from rendered html.

For instance, the following html:

<div class="pretty" badattr="uh-oh"></div>

Will be rendered as:

<div class="pretty"></div>

Modifying Tag / Attribute Whitelist

In order to use tags / attributes outside the set of default tags and attributes, one must explicitly add them to the white list.

Navigate to the Admin LookML Security tab:

Add the desired tags to HTML tag whitelist and attributes to HTML attributes whitelist. Click the Update Settings button to confirm the changes.

To revert back to the default tags, click the Restore Defaults button:

<script> tags present a major security vulnerability and cannot be added to the whitelist

Still have questions?
Go to Discourse - or - Email Support
Top