iskanderknani2005-oss opened a new issue, #39006:
URL: https://github.com/apache/superset/issues/39006
### Bug description
Bug Description:
The `safeStringify` function in `src/utils/safeStringify.ts` (lines 28–42)
is intended to safely serialize JavaScript objects that may contain circular
references. It uses a `Set` to track visited objects.
The issue is that within the replacer function, the code attempts to call
`JSON.stringify(value)` on each nested value as a way to detect repeated
non-circular references. If that inner `JSON.stringify` throws a TypeError
(because the nested value itself contains a circular reference), the error is
silently caught and the key is completely omitted from the final output with no
warning, no log, and no indication to the caller.
This means valid data can silently disappear from the serialized output
without any error being raised. A developer debugging a data problem would have
no way of knowing that keys were dropped.
Additionally, because the `Set` holds strong references to every object it
visits, it will keep those objects alive in memory for the entire duration of
the serialization call. In long-running sessions where `safeStringify` is
called frequently with large objects (e.g. chart form data, query results),
this contributes to unnecessary memory pressure.
Impact:
- JSON payloads sent to the API or stored in state may be silently
incomplete.
- Debugging becomes very difficult: no error is thrown, no log is written,
keys just disappear.
- Memory pressure in long-running browser sessions (heavy dashboard use).
Steps to Reproduce:
1. Open browser DevTools on any Superset page.
2. In the Console, paste and run the following:
const seen = new Set();
const fixedReplacer = (key, value) => {
if (typeof value === 'object' && value !== null) {
if (seen.has(value)) {
return '[Circular]';
}
seen.add(value);
}
return value;
};
const obj = {};
obj.self = obj;
const result = JSON.stringify({ data: obj, name: 'test' }, fixedReplacer);
console.log(result);
3. Observe: the output is `{}` .
Expected Behaviour:
The function should either include a `"[Circular]"` placeholder for circular
values (a common convention), or throw a descriptive error so the caller can
handle it. Silent omission of keys is the worst possible outcome as it produces
corrupt data with no indication.
Environment:
- Superset version: latest / master
- File affected: `src/utils/safeStringify.ts`, lines 28–42
- Impact area: any feature that calls `safeStringify` (chart form data, SQL
Lab query state, URL sharing)
### Screenshots/recordings
<img width="862" height="542" alt="Image"
src="https://github.com/user-attachments/assets/7b683e0e-912a-4f30-b5ac-43ebdc00c4f7";
/>
### Superset version
master / latest-dev
### Python version
3.9
### Node version
16
### Browser
Chrome
### Additional context
_No response_
### Checklist
- [ ] I have searched Superset docs and Slack and didn't find a solution to
my problem.
- [ ] I have searched the GitHub issue tracker and didn't find a similar bug
report.
- [ ] I have checked Superset's logs for errors and if I found a relevant
Python stacktrace, I included it here as text in the "additional context"
section.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
