This sounds like a bug to me. If the field is defined as "type": "json" in the schema, I’d expect every link in the chain to validate that only JSON strings can be inserted. It sounds like during creation the validation is not happening and then when retrieving that value, the validation is happening.
I’ve just found a related github issue here:
opened 10:56AM - 19 Jan 23 UTC
issue: bug
severity: high
status: confirmed
source: core:database
Hello,
It is possible to remotely break APIs if the content type has a JSON … field and the `create` operation is permitted. This also breaks the admin UI and prevents administrators from removing the malicious record, accessing the DB directly is the only way to fix the incident.
Reproduction steps:
1. Create a datatype with a JSON field
2. Create a new record via direct API call or using the entity service
```
strapi.entityService.create(... { data: jsonField:{ "foo" }...
```
**with a string (!)** instead of an object for the JSON field.
This will lead to the string being stored directly in the DB table as strapi seemingly relies fully on the DB to perform validation. The problem is though that Postgres' JSONB type allows storing objects, **strings, and other data**. (see https://materialize.com/docs/sql/types/jsonb/#details )
Upon the call in step 2, the console will show a JSON parsing error, because Strapi is - for whatever reason - immediately reading the newly created record from the DB and expects the data to be a JSON object.
Now Strapi is defacto broken, because every time somebody calls the API endpoint that includes such a malformatted JSON record, the parsing fails and there is an error response.
If an admin tries to investigate the issue, he is hit with the same error as the record(s) cannot be read because of the parsing error.
I recommend implementing a 'safe mode' view for the admin panel, so users aren't stuck with a broken strapi instance if issues like these occur in the future.
Node.js version: v18.12.1
NPM version: v9.2.0
Strapi version: 4.5.6
Database: postgres
Operating system: OSX