codeant-ai-for-open-source[bot] commented on code in PR #40929:
URL: https://github.com/apache/superset/pull/40929#discussion_r3386583609
##########
superset-frontend/src/dashboard/containers/DashboardPage.tsx:
##########
@@ -223,7 +223,24 @@ export const DashboardPage: FC<PageProps> = ({ idOrSlug }:
PageProps) => {
dataMask = await getFilterValue(id, nativeFilterKeyValue);
}
if (isOldRison) {
- dataMask = isOldRison;
+ // Normalize legacy `currentState` → `filterState`. Pre-2021 URLs
stored
+ // per-filter selections under `currentState`; modern dataMask uses
+ // `filterState`. Without this copy the filter panel shows no active
+ // selections even though extraFormData still applies the query filter.
+ if (typeof isOldRison === 'object' && isOldRison !== null) {
+ dataMask = Object.fromEntries(
+ Object.entries(
+ isOldRison as Record<string, Record<string, unknown>>,
+ ).map(([filterId, entry]) => [
+ filterId,
+ entry?.currentState && !entry?.filterState
+ ? { ...entry, filterState: entry.currentState }
+ : entry,
+ ]),
+ );
+ } else {
+ dataMask = isOldRison;
+ }
Review Comment:
**Suggestion:** `getUrlParam(URL_PARAMS.nativeFilters)` returns a raw string
when Rison decoding fails, and this branch assigns that string directly to
`dataMask`. `hydrateDashboard` and downstream data mask logic expect an object
map, so malformed `native_filters` URLs can push an invalid state shape and
break filter handling. Guard this path by accepting only object values and
falling back to `{}` (or preserving the previous `dataMask`) for non-object
results. [api mismatch]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ❌ Malformed native_filters URLs corrupt dashboard dataMask state.
- ⚠️ Native filter state and panel UI may behave unexpectedly.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. In `superset-frontend/src/constants.ts` lines 14-17,
`URL_PARAMS.nativeFilters` is
defined with `{ name: 'native_filters', type: 'rison' }`, so calls to
`getUrlParam(URL_PARAMS.nativeFilters)` are treated as Rison-encoded values.
2. In `superset-frontend/src/utils/urlUtils.ts` lines 95-103, the
`getUrlParam`
implementation for `type: 'rison'` runs `rison.decode(urlParam)` and, on
decode error,
returns the raw string: `catch { return urlParam; }`, so malformed or
non-Rison
`?native_filters=` values produce a non-null string.
3. In `superset-frontend/src/dashboard/containers/DashboardPage.tsx` within
`getDataMaskApplied` (shown in the excerpt as lines 200-45), `const
isOldRison =
getUrlParam(URL_PARAMS.nativeFilters);` is computed (local line 7), and if
truthy, the
code branches at local lines 26-44: object values are normalized, but in the
`else` branch
at real lines 241-243 (`} else { dataMask = isOldRison; }`) any non-empty
string is
assigned directly to `dataMask`.
4. Later in the same function (lines 47-71 in the excerpt, real lines
~246-71), `dataMask`
is passed into `injectRisonFiltersIntelligently(risonFilters, nativeFilters,
dataMask)`
and then into `hydrateDashboard({ ..., dataMask, ... })`, while
`hydrateDashboard` in
`superset-frontend/src/dashboard/actions/hydrate.ts` lines 94-101 declares
`dataMask:
DataMaskStateWithId` (an object map). To reproduce the issue, load a
dashboard route like
`/superset/dashboard/<id>/?native_filters=foo` where `foo` is not valid
Rison:
`getUrlParam` returns the string `'foo'`, `isOldRison` is truthy but not an
object, the
`else` branch assigns `dataMask = 'foo'`, and downstream code receives a
string instead of
an id-keyed dataMask object, breaking the expected data-mask shape for
filter handling.
```
</details>
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=2b0c99a1442c4341912abc43e5a0dfed&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=2b0c99a1442c4341912abc43e5a0dfed&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset-frontend/src/dashboard/containers/DashboardPage.tsx
**Line:** 241:243
**Comment:**
*Api Mismatch: `getUrlParam(URL_PARAMS.nativeFilters)` returns a raw
string when Rison decoding fails, and this branch assigns that string directly
to `dataMask`. `hydrateDashboard` and downstream data mask logic expect an
object map, so malformed `native_filters` URLs can push an invalid state shape
and break filter handling. Guard this path by accepting only object values and
falling back to `{}` (or preserving the previous `dataMask`) for non-object
results.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40929&comment_hash=8e437911faf4173e0384f78f13e3683909e8cb25e146443027c32eb3490f0895&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40929&comment_hash=8e437911faf4173e0384f78f13e3683909e8cb25e146443027c32eb3490f0895&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
