Duly330AI opened a new pull request, #35828:
URL: https://github.com/apache/superset/pull/35828
Title: fix(#31158): URL-encode dashboard export filename to support special
characters
Summary
-------
This patch fixes an issue where exporting dashboards with special characters
in their
names (e.g. `Dashboard [2024] - Q4`, `Report/Q4 & Analysis™`, `Café`)
resulted in
broken or corrupted downloads. The root cause was that the filename used in
the
`Content-Disposition` header was not URL-encoded, which can break HTTP header
parsing or cause issues in some browsers.
What changed
------------
- Added `urllib.parse.quote()` import in `superset/dashboards/api.py`.
- URL-encode the generated zip filename before passing it to `send_file()` as
`download_name` (preserve the `.` character so the extension remains
intact).
Why this is safe
-----------------
This is a surgical 4-line change that only encodes the filename used in the
HTTP header. It does not change the exported YAML contents or export logic,
so there is no risk to exported data. The change preserves the `.` in the
filename so file extensions remain readable.
Files changed
-------------
- `superset/dashboards/api.py` (modified)
New tests
---------
- `tests/integration_tests/dashboard_export_test.py` (added):
- `test_export_dashboard_with_normal_name`
- `test_export_dashboard_with_brackets`
- `test_export_dashboard_with_special_chars`
- `test_export_multiple_dashboards_with_special_chars`
- `cypress/e2e/dashboards/export-special-chars.cy.js` (added): E2E tests to
validate the export API, Content-Disposition header formatting and ZIP
integrity for dashboards with special characters.
Testing
-------
Functional checks performed locally in this branch:
- A small functional script verified `urllib.parse.quote()` encoding for a
range
of special characters (brackets, slash, ampersand, trademark, emoji,
non-Latin
scripts).
- The Python tests and Cypress test files are included; run them in a fully
provisioned Superset dev environment:
1) Python tests (requires Superset dev env):
```bash
cd c:/noc_project/projects/superset
python -m pytest tests/integration_tests/dashboard_export_test.py -v
```
2) Cypress E2E (requires Superset running at http://localhost:8088):
```bash
cd c:/noc_project/projects/superset
npx cypress run --spec "cypress/e2e/dashboards/export-special-chars.cy.js"
```
Notes for reviewers
-------------------
- This fix targets only the export filename and HTTP header; the exported
contents are unchanged.
- Consider backporting to older supported releases if the project wants to
ensure compatibility for users on those branches.
Related issue
-------------
- Fixes: #31158
Commits
-------
- `fix(#31158): URL-encode dashboard export filename for special characters`
- `test(#31158): Add regression tests for dashboard export with special
characters`
- `test(#31158): Add E2E tests for dashboard export with special characters`
- `style(#31158): Run Black formatter on modified files`
- `docs(#31158): Add changelog entry for dashboard export fix`
Suggested reviewers / labels
---------------------------
- Reviewers: @apache/superset-frontend, @apache/superset-maintainers
- Labels: bug, tests, regression, backport? (maintainer decision)
How to create the PR (web)
--------------------------
1. Open: https://github.com/Duly330AI/superset/pull/new/fix/31158-export-bug
2. Paste the contents of this file into the PR body.
3. Set base repository to `apache/superset`, base branch `master` and head to
`Duly330AI:fix/31158-export-bug` (this should be prefilled).
4. Add reviewers/labels and submit.
How to create the PR (gh CLI)
-----------------------------
If you have `gh` authenticated locally, you can run:
```bash
cd c:/noc_project/projects/superset
# Create PR using the prepared body file
gh pr create --title "fix(#31158): URL-encode dashboard export filename to
support special characters" \
--body-file PR_BODY_31158.md \
--base apache:master \
--head Duly330AI:fix/31158-export-bug
```
If `gh pr create` doesn't allow cross-repo base, you can open the web URL
above
and paste the body manually.
Thanks — let me know if you want me to open the PR page in your browser (I
can
print a clickable URL) or if you want me to try creating the PR with `gh` (I
can
attempt but it requires `gh` auth on your machine).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
