Polish home hero and mobile nav#15
Conversation
wauputr4
force-pushed
the
codex/home-mobile-nav-polish
branch
3 times, most recently
from
856115a to
615fa34
Compare
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 615fa34de5
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const binary = atob(data.content.replace(/\n/g, '')); | ||
| const bytes = Uint8Array.from(binary, (char) => char.charCodeAt(0)); | ||
| const markdown = new TextDecoder().decode(bytes); | ||
| root.innerHTML = await marked.parse(markdown); |
There was a problem hiding this comment.
For any listed repo whose README contains raw HTML, marked.parse() preserves that HTML and this assignment inserts it directly into the IndopenSource page; content such as an <img onerror=...> handler can then run attacker-controlled JavaScript on indopensource.org when a visitor opens that project detail page. Sanitize the parsed output or render only a safe Markdown subset before assigning to innerHTML.
Useful? React with 👍 / 👎.
wauputr4
force-pushed
the
codex/home-mobile-nav-polish
branch
from
615fa34 to
4dab785
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4dab785cb9
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| const binary = atob(data.content.replace(/\n/g, '')); | ||
| const bytes = Uint8Array.from(binary, (char) => char.charCodeAt(0)); | ||
| const markdown = new TextDecoder().decode(bytes); | ||
| root.innerHTML = await marked.parse(markdown); |
There was a problem hiding this comment.
When a README contains repo-relative links or images such as docs/setup.md or ./assets/logo.png, marked.parse() leaves those URLs unchanged and this assignment makes the browser resolve them under /projects/<slug>/ on indopensource.org. Those assets and links will 404 instead of pointing back to the GitHub repository, so the project detail page will not faithfully render many READMEs; rewrite relative href/src values against the README's GitHub URL before inserting the HTML.
Useful? React with 👍 / 👎.
| date: data.date || '', | ||
| tags: data.tags || [], | ||
| status: data.status || 'draft', | ||
| thumbnail: data.thumbnail || data.image || data.cover || '', |
There was a problem hiding this comment.
If an article in Blog-IndopenSource sets thumbnail: ./cover.png or image: images/cover.png, this line stores that repo-relative path unchanged. The blog pages later treat every non-HTTP thumbnail as a site-local asset via withBase(), but the sync does not copy assets from the blog repo, so those images render as broken /indopensource.org/... URLs; resolve relative thumbnail paths to the raw GitHub file URL during sync or reject them explicitly.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1ffedbd76d
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| </div> | ||
| <div class="mt-7 flex flex-wrap gap-3"> | ||
| <BaseButton href={project.url}>Buka GitHub</BaseButton> | ||
| {project.homepage && <BaseButton href={project.homepage} variant="secondary">Homepage</BaseButton>} |
There was a problem hiding this comment.
When a synced repo's GitHub homepage omits the scheme (GitHub accepts values like caringab.vercel.app, and the current data contains that value for rayasabari/caringab), passing it straight to BaseButton makes BaseButton treat it as an internal path via withBase(), so the new detail page links to /caringab.vercel.app instead of the project site. Normalize these homepage values, or require https://, before rendering the button.
Useful? React with 👍 / 👎.
1 participant
Summary
Verification
Note: Playwright screenshot QA was skipped because the local Playwright browser binary is not installed in this workspace.