* Initial working prototype
* Small fixes
* Refactoring dekgl
* Show all data when no time grain is selected
* Refactor layers
* Standardize function name
* Fix exports
* Fix require
* Initial working prototype
* Small fixes
* Show all data when no time grain is selected
* Moving play bar to correct location
* Split component
* Working on CSS
* Remove control
* Positioning the play slider
* Fix refresh of slider state
* Fix lint
* Small fixes
* Smoother animation for scans
* Fix versions
* Play/pause with spacebar.
* Small fixes
* Clean stuff that went to other PRs
* Address issues
* Refactor scatter animation
Moving to a grid that is 4 times more granular. 48 columns.
Shipping a db migration script which will upgrade the position metadata
to reflect this change.
Also adapting the examples to the new grid parameters.
* [Explore view] Use POST method for charting requests
* fix per code review comments
* more code review fixes
* code review fix: remove duplicated calls for getting values from request
* [Explore view] Use POST method for charting requests
* fix per code review comments
* more code review fixes
* code review fix: remove duplicated calls for getting values from request
* [geo] introduce "Auto Zoom" control
On geospatial visualization, checking the "Auto Zoom" control makes it
such that the viewport is fitted to the data upon rendering the chart.
For dashboards with region filters, the map should jump to the right
position.
Eventually we should enhance this to fly and ease to the position in an
animated way.
* Added TODO notes
This fixes an issue with the newer Google's DBAPI library, which moved Row from google.cloud.bigquery._helper.Row to google.cloud.bigquery.Row, causing ImportError
* Switched yaml.load to yaml.safe_load to prevent code execution via crafted yaml files
Python's yaml.laod can lead to code execution via crafted yaml files such as:
```
code_exec: !!python/object/apply:subprocess.check_output ['ls']
```
* Fixed XSS via bleach
It was possible to get an XSS via the markdown library via simply setting a description containing arbitary HTML tags.
It was also possible to create links that went to the `javascript:` link handler (eg `[example](javascript:alert(0)`)
Using bleach to sanitize it solves both of these.
* Added XFO header by default to prevent clickjacking attacks
Note that with this application clickjacking can be relatively severe via the SQLLab functionality
which allows executing arbitary SQL.
* Added justification for dangerouslySetInnerHTML
* Fixed linting errors
* Fixed linting errors
* Add permissions checks for save_or_overwrite_slice
* Change is_owner to check_ownership
* Add translation to chart and dashboard error messages
* Appease the python linter by using single quotes
Druid sometimes returns error message that are contained in "<>", as in
`<urlopen error [Errno 61] Connection refused>`. Since Superset's
approach is often to bubble up messages coming from external library,
it's impossible to predict whether it will contain special characters.
There are some cases where our error handling does return some html
(presto?),
but we should manage that upstream. Plus the current setup has security concerns,
so let's move away from that.
fillna would miss out on identifying STRING columns for Druid and
replace None in string columns with a numeric `0`. This
mixed type column would confuse
pandas down the line on some operations like `df.pivot_table`.
Though flask has a builtin web debugger, ipdb some times still work
better. So I think add ipdb to dev dependencies is a good option for
people who prefer CLI debugging.
* cast postgresql date_trunc() to timestamp without time zone to prevent pandas error
* fix formatting for flake8
* change cast to timezone conversion instead
* Update installation.rst for Ubuntu 16.04 LTS
Ubuntu 16.04 by default install python2.7 alongside with python 3.5 and set python2.7 as default. If you have created a virtualenv with python3.5 compilation fails due to wrong python-dev library installed.
If you install ``python3.5-dev`` the build for the wheel package of ``cryptography`` run fine.
* Add options in D3_TIME_FORMAT_OPTIONS for non-english Time Format.
Added '%d/%m/%Y' and '%d/%m/%Y %H:%M:%S' as valid drop-down option for Axis Format