Cleanup#5433
Open
bbbreaddd wants to merge 15 commits into
Open
Conversation
Contributor
Author
|
Also reduced the requirements for node. The site doesn't require Node >25 and it's probably best to not require a non-LTS version anyways. |
Contributor
Author
|
Rebased the commits to fix the conflicts. |
- single-page: Promise.allSettled + per-fetch timeout so one slow/down GitHub file no longer hangs or 500s the whole endpoint (C5/H9); relax cache to stale-while-revalidate (M13) - feedback: sanitize message/heading before Discord embed (@everyone, backticks) (C6); validate client IP, prefer cf-connecting-ip (H1/H8); log webhook failure body and return 502 (M5); reject oversized bodies (P4) - ratelimit: 429 status on limit, drop double type-cast, validate IP (L1/L2/H8) - cors: restrict methods to GET/POST/OPTIONS (H2) - Feedback schema: reject script/js/handler content + path regex (M4) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- config buildEnd: catch+rethrow so a failed OG/RSS hook fails the build instead of silently logging 'Success!' (C8) - opengraph: optional-chain frontmatter.hero so home pages without a hero block don't throw (M2) - rss: skip posts missing a title instead of emitting 'undefined' (H11) - shared: treat 0/no/off/false (any case) as build-off, not just 'false' (M9) - generate-removed: add execSync timeouts, log the swallowed git-config error, validate temp path before rmSync (H7/L5/L6) - engines: relax node to >=20 to match CI reality (M1); gh-pages fetch-depth 0 so generate-removed has git history (H12) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Feedback: show err.message string instead of assigning the Error object, which rendered as '[object Error]' (H10) - Clock/SearchBar: hoist interval/handler refs to setup scope and use top-level onUnmounted instead of nesting it inside onMounted (H3/H4) - ThemeDropdown: tear down previous flyout listeners before re-adding so they can't accumulate (H5) - themeHandler: store the matchMedia listener as a stable ref, make init idempotent, and add destroy() to remove it (H6) - transformer: branch on typeof replace instead of casting to any (M8) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Add dompurify + a client-guarded sanitize composable (sanitizeSvg, sanitizeSearchHtml, sanitizeRichHtml); SSR-safe no-op without a DOM - Bookmarks: sanitize user-supplied custom SVG at render so stored localStorage payloads can't execute script (C4) - search box: sanitize the three v-html bindings — titles keep mark/emphasis, excerpt keeps rich formatting but drops scripts/handlers (C3) - base64 plugin: escape decoded content for the JS-string-in-attribute context and HTML-escape the displayed code (C1) - headers plugin: HTML-escape heading before the Feedback attribute (C2) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- ThemeDropdown: add aria-label to the icon-only toggle button (L3) - WallpaperCard: make alt text distinct from the visible title (L4) - constants: drop meaningless biome-ignore comment (project uses ESLint) (L7) - feedback: point Discord avatar at a self-hosted asset (M15) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
Author
|
Someone gave a list of "bugs and security vulnerabilities" that Claude found, so I let Claude "fix" them. Still need to go in and review it and make sure nothing broke. |
…ed to be the main one
… and fixed a lint error in feedback.post.ts
Contributor
Author
|
Well this PR became a lot bigger than I meant for it to be. It's still mostly backend changes that shouldn't affect the main user though. Things like cleaning up some code, making things more robust, adding better error handling, fixing security stuff.
Preview: https://f60f91d9.edit-b69.pages.dev/ |
Contributor
Author
|
Also the deleted characters is at 16k mainly because I removed the package-lock.json which was -16,463 characters |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
While I was working with the site, I noticed some small things that were annoying.
These changes pretty much only affect people developing for the site.(Not anymore ig)