timfursov opened a new issue, #33500:
URL: https://github.com/apache/superset/issues/33500

   ### Bug description
   
   When creating a chart, if the error message contains an HTML tag, `Unexpected error Bad request` is shown instead of an actual error.
   However `api/v1/chart/data` responds with the full error text in `message`, which makes me think that it has something to do with the UI trying to prevent XSS attacks.
   I tried to play with `HTML_SANITIZATION` but it seems that nothing changes.
   
   
   **How to reproduce**
   1. Create a new chart
   2. Create a custom metric with `<a>` in the expression 
   3. Press "UPDATE CHART"
   4. If your DB connector usually displays the problematic query in the error message, `Unexpected error Bad request` will be shown instead of an actual error.
   
   **Expected result**
   `Unexpected error` and an actual error message returned by the API in the response, like below
   ```
   Unexpected error
   Error: HTTPDriver for [your clickhouse host] received ClickHouse error code 62
    Code: 62. DB::Exception: Syntax error: failed at position 37 ('<') (line 1, col 37): <a> AS `My column_b77020` 
   FROM (select number from numbers(10)
   ) AS `virtual_table`
    LIMIT 1000
    FORMAT Native. Expected one of: expression with optional alias, element of expression with optional alias, lambda expression, CAST operator, NOT, INTERVAL, CASE, DATE, TIMESTAMP, tuple, collection of literals, array, number, literal, NULL, NULL, Bool, TRUE, FALSE, string literal, asterisk, qualified asterisk, compound identifier, identifier, COLUMNS matcher, COLUMNS, qualified COLUMNS matcher, function name, substitution, MySQL-style global variable, end of query. (SYNTAX_ERROR) (version [your clickhouse version] (official build))
   ```
   
   ### Screenshots/recordings
   
   <img width="1666" alt="Image" src="https://github.com/user-attachments/assets/396f5cf2-2291-4143-a2c5-50e56c67eedc" />
   
   ### Superset version
   
   master / latest-dev
   
   ### Python version
   
   3.10
   
   ### Node version
   
   18 or greater
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [ ] I have searched Superset docs and Slack and didn't find a solution to my problem.
   - [x] I have searched the GitHub issue tracker and didn't find a similar bug report.
   - [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

