Dangerous link detected error after upgrading to Dash 2.15.0
emilhe opened this issue
dash 2.15.0
dash-bootstrap-components 1.5.0
dash-core-components 2.0.0
dash-extensions 1.0.12
dash-html-components 2.0.0
dash-iconify 0.1.2
dash-mantine-components 0.12.1
dash-table 5.0.0
After upgrading to Dash 2.15.0, I have apps that are now breaking with `Dangerous link detected` errors, which are emitted when I use `Iframe` components to display embedded data, e.g. PDF files. Here is a small example:
```python
import base64

import requests
from dash import Dash, html

# Get a sample PDF file.
r = requests.get("https://www.w3.org/WAI/ER/tests/xhtml/testfiles/resources/pdf/dummy.pdf")
bts = r.content

# Encode PDF file as base64 string.
encoded_string = base64.b64encode(bts).decode("ascii")
src = f"data:application/pdf;base64,{encoded_string}"

# Make a small example app.
app = Dash()
app.layout = html.Iframe(id="embedded-pdf", src=src, width="100%", height="100%")

if __name__ == '__main__':
    app.run_server()
```
I would expect the app would continue to work, displaying the PDF, like it did in previous versions.
I guess the issue is related to the fixing of XSS vulnerabilities as mentioned in #2743. However, I am not sure why it should be considered a vulnerability to display an embedded PDF file.
Please see more information in this forum discussion:
https://community.plotly.com/t/dangerous-link-detected-error-in-dash-debug-window-after-upgrading-from-2-14-2-to-2-15-0/82311/3
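
An added illustration, not part of the original issue and not Dash's own sanitizer code: the sketch below contrasts a scheme-only URL filter, which rejects every `data:` URL including a base64 PDF like the one in the report, with a hypothetical policy that also inspects the `data:` media type. All function names and both allowlists are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Assumption: schemes (or none, for relative paths) a scheme-only filter accepts.
ALLOWED_SCHEMES = {"", "http", "https"}
# Assumption: data: media types this hypothetical policy treats as passive documents.
PASSIVE_DATA_TYPES = {"application/pdf", "image/png", "image/jpeg"}


def _scheme(url: str) -> str:
    """Lower-cased URL scheme, or '' for a relative reference."""
    return urlsplit(url.strip()).scheme.lower()


def data_media_type(url: str) -> str:
    """Media type of a data: URL (RFC 2397); an empty type means text/plain."""
    header = url.strip()[len("data:"):].split(",", 1)[0]
    return header.split(";", 1)[0].strip().lower() or "text/plain"


def scheme_only_allows(url: str) -> bool:
    """Blanket filter: the decision depends on the scheme alone."""
    return _scheme(url) in ALLOWED_SCHEMES


def media_aware_allows(url: str) -> bool:
    """Same filter, but data: URLs pass when their media type is allowlisted."""
    scheme = _scheme(url)
    if scheme == "data":
        return data_media_type(url) in PASSIVE_DATA_TYPES
    return scheme in ALLOWED_SCHEMES


if __name__ == "__main__":
    # Constructed sample values, not taken from the issue.
    samples = [
        "data:application/pdf;base64,JVBERi0=",
        "data:text/html,<p>markup document</p>",
        "/assets/dummy.pdf",
        "https://example.com/dummy.pdf",
    ]
    for s in samples:
        print(f"{s[:40]:<40} scheme-only={scheme_only_allows(s)!s:<5} "
              f"media-aware={media_aware_allows(s)}")
```

A scheme-only check cannot tell a PDF payload from a markup payload that shares the `data:` scheme, so it has to reject both.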