Dashboards & Visualizations

How do I display a token value unescaped in an HTML panel?

petom
Path Finder

I have the following simple dashboard in Simple XML format to test displaying of autogenerated html code. The html code is stored in a token.

<dashboard>
  <label>HTML Test</label>
  <init>
    <set token="testHtml"><![CDATA[<b>Hi there!</b>]]></set>
  </init>
  <row>
    <panel>
      <html>
        $testHtml|n$
      </html>
    </panel>
  </row>
</dashboard>

However, I am unable to display it as a proper HTML formatted output. It always gets escaped and I see raw HTML code instead of formatted text, meaning I get

<b>Hi there!</b>

instead of

Hi there!

According to the documentation for Tokens, syntax $token|n$ should return unescaped content, which I would assume, in my case, would be a raw HTML, which gets rendered by the browser.

Does anybody have experience with this?

I don't want to convert it to an HTML dashboard. I would like to use it Simple XML. And yes, I could upload a JavaScript, which could do it for me. But focus here is, why the documented syntax does not work.

0 Karma

alex_tc80
Explorer

Escaping prevents using a single <set token> to set multiple values on a multiple select box .
You need to use <set token> multiple times for each value to be set.

https://community.splunk.com/t5/Dashboards-Visualizations/pass-multiple-values-to-multiselect-box-fr... ) 

0 Karma

niketn
Legend

@petom using token to create HTML content in your dashboard could be dangerous (depending on how token is being set in the first place). Which is the reason why it is treated as string and html tag. You can use Simple XML JS extension to add HTML content using token through jquery. Refer to one of my older answers:

https://answers.splunk.com/answers/324828/render-html-code-from-search-result-in-splunk-dash.html

Also, as an alternate to avoid JS, instead of passing rich html content can you not just send the token text and have html panel with html formatting/tags that you need?

Refer to the following run anywhere code:

<dashboard>
  <label>Unescaped HTML code</label>
   <init>
     <set token="testHtml">Hi there</set>
   </init>
   <row>
     <panel>
       <html depends="$testHtml$">
        <b>$testHtml$</b>
       </html>
     </panel>
   </row>  
</dashboard>
____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

petom
Path Finder

@niketnilay, I don't really agree with you that the token value should be escaped in html regardless.
As per Splunk documentation, there is a token filter available in the form of $token|h$, which will make it secure by escaping html. There are also other filters available for other cases / requirements.

I fully understand if Splunk decided to make html escaping in html panel as a default token filter. However, $token|n$ filter says Prevents the default token filter from running. No characters in the token are escaped. and it does not work.
There can be cases, why we may want to apply no filters.

Regarding JS, I am fully aware of it and I have already done some development with it as well as I've done a dashboard fully in HTML format (with javascript of course), rather than Simple XML, before.
In this particular case I have some silly limitations of the project and I cannot really upload any resource files (images, javascript, etc.). So I am just sort of stuck with Simple XML.

As I mentioned in my question, focus is on pure Simple XML. And actually why the documented feature is not working.

Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...