Every security aspect of allow_unsafe_html

Hi,

Based on my experience, achieving advanced formatting in a Streamlit app is possible when the allow_unsafe_html tag is set to True, which could potentially lead to security problems and vulnerabilities.

However, what if the Streamlit app is hosted on a server where encryption and other security aspects are managed? For instance, through NGINX configuration, the site employs Let’s Encrypt, and all user inputs are sanitized.

As I am relatively new to this topic, I am eager to understand under what circumstances we can allow unsafe HTML, provided that the site is protected through other tools (such as NGINX configuration, Let’s Encrypt, firewall settings, user input sanitation).

I would greatly appreciate detailed insights on these aspects. The reason being, I’d like my Streamlit app to adhere to ISO 27000 standards while still utilizing more advanced styling elements. OS: AlmaLinux 9

Thank you for your help and detailed explanation!

Can somebody elaborate on this topic, please? Thanks a lot!