mirror of
https://github.com/apache/superset.git
synced 2026-07-12 01:35:36 +00:00
Closes every item from the 2026-06-02 subdirectory test-gap audit
(3× P0, 5× P1, 1× P2). Each new module is a contract pin against a
specific subdir-deployment regression class that the existing suites
did not cover.
P0 (must-have):
- normalizeBackendUrls.fields.test.ts (8 tests) — snapshot the
NORMALIZED_URL_FIELDS allow-list + NORMALIZER_EXCLUSIONS ledger so
a new backend `*_url` field can't be silently un-normalized.
- test_redirect_view_subdirectory.py (10 tests) — pin RedirectView
behaviour under SCRIPT_NAME=/superset including DANGEROUS_SCHEMES
family, FF disablement, query preservation.
- EmbedCodeContent.subdirectory.test.tsx (1 test) — pin the iframe
src in the chart-embed clipboard payload to land at
/superset/explore/p/<key>/ exactly once.
P1 (high-value):
- pathUtils.parity.test.ts (10 tests) — pin runtime parity between
pathUtils.ensureAppRoot and SupersetClientClass.getUrl (the two
sanctioned appRoot dedupe entry points).
- test_subdirectory_url_for.py (+1 test) — extend the permalink pin
set to cover SqllabView.permalink_view.
- test_spa_service_worker.py (8 tests) — pin the SW registration
URL template in spa.html across root/subdir/CDN deployment shapes.
- test_legacy_prefix_redirect.py (+8 tests) — anchor the CR-M2
deferred MEDIUM by pinning case-sensitive prefix matching +
trailing-slash collapse via rstrip("/").
- FilterBar.subdirectory.test.ts (11 tests) — pin the
publishDataMask guard + prefix-strip that keep
/superset/superset/dashboard/... out of the URL bar.
P2 (defence-in-depth):
- navigationUtils.schemes.test.ts (32 tests) — extend the
`javascript:` neutralisation pin in directDom.test to the full
dangerous-scheme family (data:/vbscript:/file:/blob:/chrome:/
about: + uppercase variants) across openInNewTab, redirect, and
getShareableUrl.
Verification: 117 pytest + 62 Jest = 179/179 PASS across the new and
adjacent suites; pre-commit clean. No production code touched.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>