Spotfire Admin — HTML Sanitation

  • Are unsupported HTML tags confusing and maddening?
  • Have you ever experienced problems getting JavaScript to work in Spotfire?
  • Would you like to make text areas look more visually appealing and professional?

If you answered yes to any of the questions above, consider changing the Spotfire HTML Sanitation setting.

What is HTML Sanitation?

Since I’m not an HTML expert, I’ll turn to Wikipedia for the definition — HTML sanitization is the process of examining an HTML document and producing a new document that preserves only whatever tags are designated “safe” and desired.  Sanitization can protect against cross-site scripting (XSS) attacks by sanitizing any HTML code submitted by a user.

HTML Sanitation in Spotfire

Spotfire turns HTML sanitation on by default.  Turn sanitation off in the Administration Manager > Everyone Group > Preferences tab > Text area settings > Set to False (shown below).

Administration Manager

Note: If you do not see the Preferences tab, it is because you do not have the right permissions to view/edit.  In this case, you’ll most likely need to contact an administrator.

Before changing this setting, consider two things.

  1. What’s the risk of turning it off?
  2. Are text areas more appealing with sanitation turned off versus on?

What’s the Risk?

This TIBCO Community article does a great job of explaining the history of sanitation in Spotfire, as well as why the default setting is what it is and what the risks of turning it off are.  In addition to the TIBCO community commentary, I would also consider the following:

  • What general security is already in place in/for your Spotfire environment?
  • Is scripting enabled in your Spotfire environment?
  • How many Spotfire users know how to add HTML and JavaScript to the text areas?

Answering these questions will help you decide whether to turn sanitation off.

What’s the Difference?

When sanitation is turned on, many tags are invalidated or not supported.  The list below contains a sampling of the tags invalidated with sanitation turned on.

  • html
  • title
  • body
  • style
  • mark
  • sub
  • sup
  • small
  • center
  • …..I’m sure there are lots more.
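
A pre-change check for the risk questions above, as an added example (not code from the original article or from TIBCO): it reads one text area's HTML and reports which tags from the list above need sanitation off, and which constructs can run script. The script-capable tag set, the handler and URL heuristics, and the sample HTML are assumptions made for this example.

```python
from html.parser import HTMLParser

# Sample of tags the article lists as invalidated with sanitation on.
INVALIDATED_SAMPLE = {"html", "title", "body", "style", "mark", "sub", "sup",
                      "small", "center"}
# Assumptions for this example: what a reviewer treats as script-capable.
SCRIPT_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class TextAreaAudit(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.needs_sanitation_off = set()  # tags from the article's list
        self.active_content = []           # (line number, description)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in INVALIDATED_SAMPLE:
            self.needs_sanitation_off.add(tag)
        if tag in SCRIPT_TAGS:
            self.active_content.append((line, f"<{tag}> element"))
        for name, value in attrs:
            # Heuristic: drop whitespace/control chars before the scheme check.
            scheme = "".join(c for c in (value or "") if c > " ").lower()
            if name.startswith("on"):
                self.active_content.append((line, f"{name} handler on <{tag}>"))
            elif name in URL_ATTRS and scheme.startswith("javascript:"):
                self.active_content.append((line, f"javascript: URL in {name}"))


def audit(html_source):
    """Return (sorted tags needing sanitation off, active-content findings)."""
    parser = TextAreaAudit()
    parser.feed(html_source)
    parser.close()
    return sorted(parser.needs_sanitation_off), parser.active_content


# Constructed sample text area, not taken from a real analysis file.
SAMPLE = """<style>.kpi { color: #036; font-weight: bold; }</style>
<div class="kpi">Production <small>(bbl/d)</small></div>
<a href="jav&#x61;script:void(0)">details</a>
<img src="logo.png" onerror="init()">
<script>document.title = "x";</script>"""

if __name__ == "__main__":
    tags, findings = audit(SAMPLE)
    print("Tags that need sanitation off:", tags, "| Active content:", findings)
```

A text area that only reports tags such as style or small is asking for presentation features; one that also reports active content is the case the default setting exists to stop.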

In case you haven’t seen an unsupported tag error, here is what it looks like when you edit HTML.

Unsupported tag

In terms of making analysis look more professional, here is an example of code that uses the <style> tag.  The screenshots below demonstrate what the text area looks like with sanitation on versus off.  As you can see, when the <style> tag is invalidated (sanitation on), the text area is much less attractive.



Text Area Invalidating <style>

Without Style Tag

Text Area Using <style>

With Style Tag


As the comparison shows, the <style> tag makes this text area much more attractive. It also helps from a coding perspective: styling with <style> is more efficient than what you would have to write without it. In conclusion, if the risk is acceptable, turn off sanitation. The result will help beautify text areas and make working with HTML easier!


9 thoughts on “Spotfire Admin — HTML Sanitation”

  6. Pele

    Hi, Julie
    I created a cross table in Spotfire.
    I created the table and added values using calculated values. But I have no idea how to set the background color dynamically.
    by set condition
    Red= Production≧50
    Yellow= 50>Production≧30
    Green= Production<40
    Please help me.

    • Julie Sebby

      Calculated values are used in text areas not in cross tables. I will assume that you mean that you put more than one value on the x axis of the cross table. That part is actually really important because the use of color changes depending on whether you have 1 or more than 1 value on the x axis and how many columns you have on the y and z axis. This is why working with color in cross tables is a little complicated. I think you just need to go to properties, colors, and click the add rule button. Then you can easily add what you have described above.
