Allowlist guidance

Welcome @psdavis

By default, and for security reasons, all HTML content created by tools is “sanitized”.

Configuration options in the docs → Configuration Options — Galaxy Project 24.2.1.dev0 documentation

Configuration options location → galaxy.yml (permalink in the code base)

  # Sanitize all HTML tool output.  By default, all tool output served
  # as 'text/html' will be sanitized thoroughly.  This can be disabled
  # if you have special tools that require unaltered output.  WARNING:
  # disabling this does make the Galaxy instance susceptible to XSS
  # attacks initiated by your users.
  #sanitize_all_html: true


  # Datasets created by tools listed in this file are trusted and will
  # not have their HTML sanitized on display.  This can be manually
  # edited or manipulated through the Admin control panel -- see "Manage
  # Allowlist"
  # The value of this option will be resolved with respect to
  # <managed_config_dir>.
  #sanitize_allowlist_file: sanitize_allowlist.txt

When enabled, tools can be added to the server Allowlist and then HTML graphical content created by those tools can be rendered and displayed directly inside of Galaxy. This is something that you will probably want to manage directly and with a person, especially if your server is exposed on the internet. But you can set it to false of course!

How it works

Log into Galaxy with your admin account, click on the lower (red) Admin icon in the left navigation bar, then choose Manage Allowlist.

  1. All installed tools are initially listed in the first HTML Sanitized tab
  2. Each tool can be toggled into the HTML Rendered tab
  3. If the tool version is excluded from the tool_id then all versions will be captured and moved over (added with a direct change to your sanitize_allowlist.txt, not via the UI).

XRef


Hopefully this helps but please let us know if it actually does or if you have any followup questions! :rocket:
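As an added example (not part of the reply above and not Galaxy's own code), the following sketch audits the contents of a `sanitize_allowlist.txt` and separates version-pinned entries from entries that trust every version of a tool, as described in step 3. It assumes one tool_id per line, `#` comment lines, Tool Shed ids shaped like `<host>/repos/<owner>/<repo>/<tool>/<version>`, and plain prefix matching; the sample ids are constructed.

```python
# Added example: audit a Galaxy sanitize_allowlist.txt for broad entries.
# Assumptions (not taken from the page): one tool_id per line, '#' starts a
# comment, Tool Shed ids look like <host>/repos/<owner>/<repo>/<tool>/<version>,
# and an entry trusts every tool_id that begins with it (plain prefix match,
# chosen so the audit over-reports rather than under-reports coverage).

# Constructed sample content, not from a real server.
SAMPLE = """\
# trusted HTML-producing tools
toolshed.example.org/repos/alice/report/html_report/1.2.0
toolshed.example.org/repos/bob/plots/plot_viewer
"""


def parse_allowlist(text):
    """Return the non-empty, non-comment entries in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries


def is_version_pinned(entry):
    """True only for Tool Shed style ids that carry a trailing version."""
    _, sep, rest = entry.partition("/repos/")
    if not sep:
        return False  # short built-in id: no version segment to pin
    parts = [p for p in rest.split("/") if p]
    return len(parts) == 4  # owner, repo, tool, version


def audit(text):
    """Split entries into version-pinned and all-version (broad) trust."""
    result = {"pinned": [], "all_versions": []}
    for entry in parse_allowlist(text):
        key = "pinned" if is_version_pinned(entry) else "all_versions"
        result[key].append(entry)
    return result


def covering_entries(tool_id, entries):
    """Entries that would cause this tool's HTML output to be rendered as-is."""
    return [e for e in entries if tool_id.startswith(e)]


if __name__ == "__main__":
    report = audit(SAMPLE)
    for entry in report["all_versions"]:
        print("trusts every version:", entry)
```

Entries reported under `all_versions` are the ones to review first, since a later tool update inherits unsanitized rendering without anyone toggling it in the Admin panel.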