Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-17 10:15:27 -04:00
Code Issues Packages Projects Releases Wiki Activity

Whitelist research source links (#2499)

Browse Source
This commit is contained in:
Vykos
2026-06-04 20:41:35 +02:00
committed by GitHub
parent ed933ac232
commit 3ae89599f3
3 changed files with 50 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
static/js/research/panel.js
+12 -2
View File
@@ -1103,8 +1103,10 @@ function _renderResult(job) {
html += '<div class="research-job-sources">';
for (const s of job.sources.slice(0, 10)) {
const title = _esc(s.title || s.url || '');
const url = _esc(s.url || '');
html += `<a href="${url}" target="_blank" rel="noopener" class="research-source-link">${title}</a>`;
const url = _safeSourceHref(s.url);
html += url
? `<a href="${url}" target="_blank" rel="noopener" class="research-source-link">${title}</a>`
: `<span class="research-source-link">${title}</span>`;
}
if (job.sources.length > 10) html += `<span class="research-source-more">+${job.sources.length - 10} more</span>`;
html += '</div>';
@@ -1231,3 +1233,11 @@ function _esc(s) {
d.textContent = s || '';
return d.innerHTML;
}
function _safeSourceHref(raw) {
try {
const parsed = new URL(String(raw || '').trim(), window.location.origin);
if (parsed.protocol === 'http:' || parsed.protocol === 'https:') return _esc(parsed.href);
} catch {}
return '';
}