rusackas opened a new pull request, #40623:
URL: https://github.com/apache/superset/pull/40623

### SUMMARY

`stateConversion.ts` is the chart-state → ownState converter for the AG Grid table (registered via `registerChartStateConverter`, used on dashboards/Explore/embedded). It builds SQL filter clauses that are interpolated **without quoting**, so the inputs need validation. This hardens three spots:

- **Number filter values** are coerced with `Number()` and the filter is **skipped when the value is not finite** (they were previously interpolated as-is, unlike the text branch which already escapes).
- **Compound join operators** are restricted to `AND`/`OR` (normalized to upper case); any other value skips the clause (previously `filter.operator` was interpolated raw into the join).
- The **column-id-keyed clause map** is created with `Object.create(null)` so user-influenced column ids can't reach prototype keys.

This converter previously had **no test coverage**; this adds the first tests for `convertFilterModel` covering numeric validation, the operator allowlist, and the null-prototype map.

### TESTING INSTRUCTIONS
```bash
cd superset-frontend && npx jest plugins/plugin-chart-ag-grid-table/test/stateConversion.test.ts
```
5/5 pass.

### ADDITIONAL INFORMATION
- [ ] Has associated issue: n/a
- [ ] Changes UI: No
- [ ] Includes DB Migration: No
- [ ] Introduces new feature or API: No
- [ ] Removes existing feature or API: No

🤖 Generated with [Claude Code](https://claude.com/claude-code)
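The three hardening rules the PR describes (finite-number check, `AND`/`OR` allowlist, null-prototype clause map), as an added example that is not Superset's `stateConversion.ts` and not code from this PR. The filter-model shapes (`filterType`, `type`, `filter`, `operator`, `conditions`), the `NUMBER_OPS` table and the text escaping are assumptions modelled on AG Grid's simple and compound filter models; the explicit type check in `numberClause` goes beyond the PR, because `Number('')`, `Number(null)` and `Number(true)` are all finite.

```typescript
// Added example, not Superset's stateConversion.ts: a reduced filter-model to
// SQL-clause converter applying the three hardening rules from the PR.
// Filter-model shapes, NUMBER_OPS and the escaping are assumptions.

type SimpleFilter = {
  filterType: 'number' | 'text';
  type: string;     // comparison name, e.g. 'equals', 'greaterThan', 'contains'
  filter?: unknown; // user-influenced value from persisted chart state
};

type CompoundFilter = {
  filterType: 'number' | 'text';
  operator: unknown; // user-influenced join operator
  conditions: SimpleFilter[];
};

type FilterModel = Record<string, SimpleFilter | CompoundFilter>;

// Rule 2: allowlist for the join operator; anything else skips the clause.
const JOIN_OPERATORS: ReadonlySet<string> = new Set(['AND', 'OR']);

const NUMBER_OPS: Record<string, string> = {
  equals: '=',
  notEqual: '<>',
  greaterThan: '>',
  lessThan: '<',
};

function isCompound(f: SimpleFilter | CompoundFilter): f is CompoundFilter {
  return Array.isArray((f as CompoundFilter).conditions);
}

// Rule 1: the number branch interpolates unquoted, so the value must survive
// Number() coercion as a finite number. The type check is stricter than the
// PR: only real numbers and non-blank strings are accepted, so '' and null
// do not silently become 0.
function numberClause(column: string, f: SimpleFilter): string | null {
  const op = NUMBER_OPS[f.type];
  if (op === undefined) return null;
  const raw = f.filter;
  const acceptable =
    typeof raw === 'number' || (typeof raw === 'string' && raw.trim() !== '');
  if (!acceptable) return null;
  const n = Number(raw);
  if (!Number.isFinite(n)) return null; // NaN, Infinity and '12abc' drop out
  return `${column} ${op} ${n}`;
}

// The text branch quotes and escapes (single quotes doubled), as the PR says
// the original already did; shown so both branches are visible together.
function textClause(column: string, f: SimpleFilter): string | null {
  if (f.type !== 'equals' && f.type !== 'contains') return null;
  const v = String(f.filter ?? '').replace(/'/g, "''");
  return f.type === 'contains' ? `${column} LIKE '%${v}%'` : `${column} = '${v}'`;
}

function simpleClause(column: string, f: SimpleFilter): string | null {
  return f.filterType === 'number' ? numberClause(column, f) : textClause(column, f);
}

// Rule 2 applied: normalize to upper case, then require exactly AND or OR.
function compoundClause(column: string, f: CompoundFilter): string | null {
  const joiner = String(f.operator).toUpperCase();
  if (!JOIN_OPERATORS.has(joiner)) return null;
  const parts: string[] = [];
  for (const c of f.conditions) {
    const clause = simpleClause(column, c);
    if (clause !== null) parts.push(clause);
  }
  return parts.length === 0 ? null : `(${parts.join(` ${joiner} `)})`;
}

// Rule 3: a null-prototype map, so column ids such as "__proto__" or
// "constructor" become ordinary own keys instead of reaching Object.prototype.
function convertFilterModel(model: FilterModel): Record<string, string> {
  const clauses: Record<string, string> = Object.create(null);
  for (const column of Object.keys(model)) {
    const f = model[column];
    const clause = isCompound(f) ? compoundClause(column, f) : simpleClause(column, f);
    if (clause !== null) clauses[column] = clause;
  }
  return clauses;
}

// Constructed sample state, including entries that should be dropped.
const sampleModel: FilterModel = {
  price: { filterType: 'number', type: 'greaterThan', filter: '10' },
  qty: { filterType: 'number', type: 'equals', filter: '12abc' },
  name: { filterType: 'text', type: 'equals', filter: "O'Brien" },
  amount: {
    filterType: 'number',
    operator: 'or',
    conditions: [
      { filterType: 'number', type: 'lessThan', filter: 5 },
      { filterType: 'number', type: 'greaterThan', filter: 100 },
    ],
  },
  total: {
    filterType: 'number',
    operator: 'XOR',
    conditions: [{ filterType: 'number', type: 'equals', filter: 1 }],
  },
  ['__proto__']: { filterType: 'number', type: 'equals', filter: 1 },
};
```

Running `convertFilterModel(sampleModel)` keeps `price`, `name`, `amount` and the own key `__proto__`, and drops `qty` (non-numeric) and `total` (operator outside the allowlist). The computed `['__proto__']` key in the sample is deliberate: a plain `__proto__:` in an object literal would set the prototype rather than create an own property, which is exactly the ambiguity the null-prototype map is there to remove. Column identifiers themselves are still interpolated unvalidated here, as in the description; they would need their own allowlist or quoting.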

