Daniel Marsh-Patrick
Daniel Marsh-Patrick

HTML Content (lite) 1.4 - New Features

HTML Content (lite) 1.4 - New Features

As HTML Content (lite) is a certified custom visual, it takes a little longer to get through the approval process with Microsoft, but this has now been approved and will be delivered to reports within the next couple of weeks.

All the changes outlined in the original post about HTML Content 1.4’s changes are included here. You can read more about those changes and see some short videos in that post (along with links to the standalone build and workbook if you want to play around sooner).

As promised, there are a couple of extra things in this release that are specific to the certified edition, so I’ll cover these off here.

More Permissive HTML Attributes

The code that handles sanitisation of the HTML in your columns or measures, and guarantees that the output complies to certification rules has been improved to allow more of the HTML specification, while still being regarded as safe and trustworthy.

For HTML tags, this means that you will now have access to most attributes, such as class, style and others, which will help you to produce much richer content, generally increase the utility of this edition and bring it closer (but not quite) to the uncertified version in terms of what can be done.

SVG

SVG was previously blocked because it was a big ask to get it working in the original certification request, due to there being a few known vulnerabilities that would take a lot of effort to manage if thie intial certification attempts for 1.3 proved non viable.

This update now adds the work to allow most of the SVG elements, so that the majority of SVG use cases that the uncertified visual could manage should be possible. All currently specified elements will be permitted, with the exception of:

  • <foreignObject>
  • <script>
  • <use>

The documentation site will be updated soon to include this new information.

Disclaimer

It is always possible that if future vulnerabilities become known, or Microsoft’s certification rules change, we may have to make further changes to this whitelist in future, but I hope that the majority of use cases for the visual will be covered. Although, it’s been used in many ways I never anticipated, so maybe not!

This has been challenging to work through, but I’m hoping that for those of you that have been asking for a certified visual, this release (plus the interactivity features) will give you a lot of scope for your visual needs but still offers the assurance of a certified third party visual. I hope that you are able to do great things!

All the best!

DM-P

comments powered by Disqus