Conversation
…for strongRef and external links
- Extract shared CORS utility (4 duplicate implementations -> 1) - Bound all in-memory caches: archive (50), youtube (200), domains (500), profiles (10k) - O(n) single-pass CSS URL rewriting (was O(n^2) with per-URL regex construction) - Precompile regex patterns at module level - Cache Intl.Segmenter, count graphemes without array allocation - Add compound SQLite indexes for JOIN queries, enable mmap + temp_store=MEMORY - Exponential backoff on ingester reconnect (was fixed 5s) - Move youtube cache expiry scan to periodic interval (off hot path) - Add deploy:api script (git pull, bun install, pm2 restart, health check) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…limiting - Strip scripts, iframes, embeds, mXSS vectors (noscript/template/math) - Sanitize SVGs: keep visual elements, strip scriptable children - Block dangerous URI schemes (javascript:, vbscript:, blob:, data:!image) - Scope all CSS via Lightning CSS visitor, strip @import, reject oversized CSS - Strip non-asset CSS url() references (tracking pixel prevention) - SSRF: block all IP encodings, require domain names, validate URLs - CORS: reject unknown origins instead of wildcard fallback - Rate limit archive (3 burst, 1/5s) and asset proxy (30 burst, 5/s) - Client-side DOMPurify defense-in-depth with FORBID_TAGS - Style attribute whitelist on ArchiveModeWrapper - Merge JSDOM passes, add client-side archive cache - Tighten asset proxy: type validation, domain tracking, SSRF protection - Remove error.message leaks from all API responses Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ith examples - Move content mode toolbar (reader/archive/wayback/arena/original) into header bar - Fix dark mode CSS: use .dark class instead of prefers-color-scheme for Arena links - Login button color: bg-blue-400 → bg-blue-600 for consistency - Merge sidebar control bar into tab row, saving vertical space - Homepage: lead with example carousel, collapse instructions into details - FAB: add post count badge on mobile - Resize handle: w-1 → w-1.5 for easier grab target Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.