plotly / dash

Data Apps & Dashboards for Python. No JavaScript Required.

Home Page: https://plotly.com/dash

Dangerous link detected error after upgrading to Dash 2.15.0

emilhe opened this issue

dash                      2.15.0
dash-bootstrap-components 1.5.0
dash-core-components      2.0.0
dash-extensions           1.0.12
dash-html-components      2.0.0
dash-iconify              0.1.2
dash-mantine-components   0.12.1
dash-table                5.0.0

After upgrading to Dash 2.15.0, I have apps that are now breaking with "Dangerous link detected" errors, which are emitted when I use Iframe components to display embedded data, e.g. PDF files. Here is a small example:

import base64
import requests
from dash import Dash, html

# Get a sample PDF file.
r = requests.get("https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf")
bts = r.content
# Encode PDF file as base64 string.
encoded_string = base64.b64encode(bts).decode("ascii")
src = f"data:application/pdf;base64,{encoded_string}"
# Make a small example app.
app = Dash()
app.layout = html.Iframe(id="embedded-pdf", src=src, width="100%", height="100%")

if __name__ == '__main__':
    app.run_server()

I would expect the app would continue to work, displaying the PDF, like it did in previous versions.

I guess the issue is related to the fixing of XSS vulnerabilities as mentioned in #2743. However, I am not sure why it should be considered a vulnerability to display an embedded PDF file.
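
An added illustration, not part of the issue and not Dash's own code: a URL check that decides by scheme alone rejects the `data:application/pdf` source from the report together with every other `data:` URL, because the same scheme can also carry `text/html` that a browser renders as markup inside the frame. The blocked-scheme list, the allowed media types, the `media_aware_check` policy and the `/assets/dummy.pdf` path are assumptions made for this sketch.

```python
import base64
import re

# Assumed denylist, for illustration: schemes a scheme-only sanitizer refuses.
BLOCKED_SCHEMES = {"javascript", "data", "vbscript"}
# Hypothetical narrower policy: data: URLs only for these media types.
ALLOWED_DATA_TYPES = {"application/pdf", "image/png", "image/jpeg", "image/gif"}

_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
_IGNORED_RE = re.compile(r"[\x00-\x20\x7f]")  # whitespace/control chars


def _clean(url):
    """Drop characters that could hide the scheme from a naive prefix test."""
    return _IGNORED_RE.sub("", url)


def url_scheme(url):
    """Lowercased scheme, or None for a relative URL such as /assets/x.pdf."""
    match = _SCHEME_RE.match(_clean(url))
    return match.group(1).lower() if match else None


def scheme_only_check(url):
    """Scheme denylist: any data: URL fails, whatever it carries."""
    return url_scheme(url) not in BLOCKED_SCHEMES


def data_media_type(url):
    """Media type of a data: URL; RFC 2397 defaults to text/plain."""
    header = _clean(url).split(",", 1)[0][len("data:"):]
    return header.split(";", 1)[0].lower() or "text/plain"


def media_aware_check(url):
    """Same denylist, but data: is judged by its declared media type."""
    scheme = url_scheme(url)
    if scheme == "data":
        return data_media_type(url) in ALLOWED_DATA_TYPES
    return scheme not in BLOCKED_SCHEMES


# Constructed samples: same shape as the src built in the issue, tiny payloads.
PDF_SRC = "data:application/pdf;base64," + base64.b64encode(b"%PDF-1.4").decode("ascii")
HTML_SRC = "data:text/html;base64," + base64.b64encode(b"<p>markup</p>").decode("ascii")

if __name__ == "__main__":
    for label, src in (("pdf", PDF_SRC), ("html", HTML_SRC), ("path", "/assets/dummy.pdf")):
        print(label, scheme_only_check(src), media_aware_check(src))
```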