+8
-4
app.js
+8
-4
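--- a/app.js
+++ b/app.js
@@ -44,9 +44,11 @@
 // URL
 const urlCell = document.createElement('td');
 const urlLink = document.createElement('a');
-urlLink.href = pds.url;
+// sanitize URL by removing any '@' characters
+const safeUrl = pds.url ? pds.url.replace(/@/g, '') : '';
+urlLink.href = safeUrl;
 urlLink.target = '_blank';
-urlLink.textContent = pds.url;
+urlLink.textContent = safeUrl;
 urlCell.appendChild(urlLink);
 row.appendChild(urlCell);
 
@@ -63,9 +65,11 @@
 const maintainerCell = document.createElement('td');
 if (pds.maintainer) {
 const link = document.createElement('a');
-link.href = `https://madebydanny.uk/followonbsky.html?did=${pds.maintainer}`;
+// sanitize maintainer by removing any '@' characters before using in URL and display
+const safeMaintainer = pds.maintainer.replace(/@/g, '');
+link.href = `https://madebydanny.uk/followonbsky.html?did=${encodeURIComponent(safeMaintainer)}`;
 link.target = '_blank';
-link.textContent = pds.maintainer;
+link.textContent = safeMaintainer;
 maintainerCell.appendChild(link);
 } else {
 maintainerCell.textContent = '—';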
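Review bot: Removing '@' from `pds.url` in the first hunk does not constrain the URL scheme, so a non-web scheme such as `javascript:` or `data:` would still be assigned to `urlLink.href` if `pds.url` comes from an untrusted listing (the data source is not visible here). Deleting the character also silently rewrites the address instead of rejecting it, so the link and its label can point at a host the entry never named. Parsing the value with `new URL()`, accepting only `http:`/`https:` with empty `username` and `password`, and leaving `href` unset otherwise would close both gaps; setting `urlLink.rel = 'noopener noreferrer'` next to `target = '_blank'` is worth adding as well. In the second hunk `encodeURIComponent` is what actually protects the query string, and `pds.maintainer.replace` will throw if the field is truthy but not a string. The enclosing function starts and ends outside both hunks.

```javascript
const urlLink = document.createElement('a');
// accept only absolute http(s) URLs without embedded credentials
let safeUrl = '';
try {
  const parsed = new URL(pds.url);
  const isWeb = parsed.protocol === 'https:' || parsed.protocol === 'http:';
  if (isWeb && !parsed.username && !parsed.password) {
    safeUrl = parsed.href;
  }
} catch {
  // not a parseable absolute URL; safeUrl stays empty
}
if (safeUrl) {
  urlLink.href = safeUrl;
}
urlLink.rel = 'noopener noreferrer';
// … unchanged: target, textContent, appendChild calls …
```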