codeant-ai-for-open-source[bot] commented on PR #36743: URL: https://github.com/apache/superset/pull/36743#issuecomment-3671303709
## Nitpicks 🔍
<table>
<tr><td>🔒 <strong>No security issues identified</strong></td></tr>
<tr><td>⚡ <strong>Recommended areas for review</strong><br><br>
- [ ] <a href='https://github.com/apache/superset/pull/36743/files#diff-6c11de58a23373e465a47687ff83ed31ad19cd69bf858b8c65da26589e6258a0R193-R210'><strong>Event listener removal bug</strong></a><br>The code adds Docusaurus route listeners with an anonymous callback but attempts to remove them using `handleRouteChange`. Because the added listeners are anonymous functions, removeEventListener will not remove them — causing memory leaks and duplicated handlers on navigation. Verify that listeners are registered with named references so they can be removed during cleanup.<br>
- [ ] <a href='https://github.com/apache/superset/pull/36743/files#diff-6c11de58a23373e465a47687ff83ed31ad19cd69bf858b8c65da26589e6258a0R46-R67'><strong>matomoUrl / siteId guard</strong></a><br>The tracker is configured and the matomo script is appended using values from `customFields` (`matomoUrl`, `matomoSiteId`) without validating they exist or are valid strings. If they are undefined or empty the tracker URL will be malformed and matomo.js could fail to load. Consider early-return or validation before using them.<br>
- [ ] <a href='https://github.com/apache/superset/pull/36743/files#diff-6c11de58a23373e465a47687ff83ed31ad19cd69bf858b8c65da26589e6258a0R86-R112'><strong>Non-http protocols tracked as external</strong></a><br>`handleLinkClick` uses `new URL(href, window.location.origin)` and treats any link with a different hostname as external. This will categorize `mailto:`, `tel:`, `javascript:`, `data:` and other non-HTTP(S) schemes as "External Link". Consider restricting tracking to `http:`/`https:` (or handling non-HTTP schemes differently).<br>
- [ ] <a href='https://github.com/apache/superset/pull/36743/files#diff-6c11de58a23373e465a47687ff83ed31ad19cd69bf858b8c65da26589e6258a0R115-R145'><strong>Algolia observer may add duplicate listeners</strong></a><br>The MutationObserver attaches an `input` listener on discovered search inputs but does not guard against adding duplicate listeners if the same input is re-added or detected multiple times. This can produce multiple tracking events per user action. Consider marking inputs as instrumented or checking for an existing handler.<br>
</td></tr>
</table>

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
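The link-classification and listener points raised in the comment above, as an added example that is not part of the bot's comment or the PR's code. The names `classifyLink` and `instrumentOnce`, and the sample URLs used with them, are hypothetical; Node's built-in `EventTarget` stands in for a DOM input.

```javascript
// Added example: all names here are hypothetical, not taken from the PR.

// Only http(s) links on a different hostname count as external; other
// schemes (mailto:, tel:, javascript:, data:, ...) are reported separately.
function classifyLink(href, pageUrl) {
  let page;
  let target;
  try {
    page = new URL(pageUrl);
    target = new URL(href, page); // resolves relative hrefs against the page
  } catch {
    return 'invalid';
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') {
    return 'non-http';
  }
  return target.hostname === page.hostname ? 'internal' : 'external';
}

// Attach a handler at most once per element, and return a cleanup function
// that removes the same function reference that was added.
const instrumented = new WeakSet();
function instrumentOnce(target, type, handler) {
  if (instrumented.has(target)) return () => {};
  instrumented.add(target);
  target.addEventListener(type, handler);
  return () => {
    target.removeEventListener(type, handler);
    instrumented.delete(target);
  };
}

// Constructed demonstration: the same "input" is discovered three times.
function demo() {
  const input = new EventTarget();
  let calls = 0;
  const cleanup = instrumentOnce(input, 'input', () => { calls += 1; });
  instrumentOnce(input, 'input', () => { calls += 1; }); // ignored
  instrumentOnce(input, 'input', () => { calls += 1; }); // ignored
  input.dispatchEvent(new Event('input'));
  const whileAttached = calls;
  cleanup(); // removes the one registered handler
  input.dispatchEvent(new Event('input'));
  return { whileAttached, afterCleanup: calls };
}
```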
