Wikipedia language subdomain was derived from user input without
validation, allowing attackers to redirect requests via malicious
language values like "evil.com.attacker.com". Added a whitelist of
valid Wikipedia language codes to prevent this.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Brave API only supports offset values 0-9. When pageno > 1 with
resultsPerPage=20, offset exceeded this limit causing 422 errors.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The nix store may have stale vendor directories with incorrect
permissions. Force chmod before removing to ensure clean build.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The auto-computed vendorHash for the go modules is:
sha256-PTD4eEEkLGBCZbot6W4U+sMOpIbH2tcFSztQel7hyXI=
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This fixes the build by properly synchronizing go.mod and go.sum
using the official Go toolchain.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Test GET /healthz, /, /search, /autocompleter endpoints.
Verify response codes, content types, JSON decoding, empty-query
redirect, and source URL presence in footer.
Also fix dead code in Search handler: the redirect for empty q
was unreachable because ParseSearchRequest errors on empty q first.
Move the q/format check before ParseSearchRequest to fix the redirect.
The go.sum is out of sync with go.mod causing build failures.
Removing it allows Go to rebuild it from the module proxy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The golang.org/x/net v0.52.0 was listed as an indirect dependency but
nothing in the codebase imports it, causing go mod tidy to fail.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The replace directive was removed but go.sum wasn't updated
with the correct hash for golang.org/x/net v0.52.0.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The replace directive for golang.org/x/net was causing build
failures when using vendorHash = "" with the Go module proxy.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The go.mod changes (goquery downgrade, x/net replace) invalidate the
old vendorHash. Set to empty to auto-recompute, then replace with the
actual hash from the build error.
Trim or remove comments that:
- State the obvious (function names already convey purpose)
- Repeat what the code clearly shows
- Are excessively long without adding value
Keep comments that explain *why*, not *what*.
Thread source_url through: config.ServerConfig → Handler.sourceURL
→ PageData.SourceURL → template footer. Footer only shows Source
link when source_url is set.
Update LICENSE file and add AGPL header to all source files.
AGPLv3 ensures that if someone runs Kafka as a network service and
modifies it, they must release their source code under the same license.
- New CSS: complete design system with CSS variables, modern color palette
- Homepage: full-viewport hero with centered search, logo, tagline
- Result cards: rounded, shadowed, with favicons via Google Favicon API
- Layout: sidebar + results grid, responsive
- Typography: proper font stack, variable weights
- Settings panel: polished popover with animations
- Autocomplete: modern dropdown with keyboard nav
- Dark mode: full color palette via data-theme attribute
- Favicon: clean search icon SVG
- google.go: use inline (?s) flag instead of regexp.DotAll second arg
- youtube.go: remove Metadata field (not in MainResult contract)
- config_test.go: fix expected engine count from 9 to 11 (google+youtube)
html/template requires template names to be string literals, not field
accesses. Use {{if eq .Template "videos"}} to branch and call the
appropriate template by literal name.
Go html/template doesn't support function calls as template names in
{{template (func .Arg) .}}. Instead, precompute TemplateName in
FromResponse and use {{template .TemplateName .}} in the template.
MainResult: add Thumbnail field (used by YouTube, images, etc.)
video_item.html: new partial for video results with thumbnail display
views.go: add templateForResult func + video_item.html to template parse
results_inner.html: dispatch to video_item when Template="videos"
kafka.css: add .video-result flex layout with thumbnail styling
- Replace document.body.innerHTML with panel.querySelector('.settings-popover-body').innerHTML
- Use theme buttons (.theme-btn) with icons instead of radio buttons
- Use .engine-toggle class for engine checkboxes in 2-column grid
- Include settings-notice paragraph for engine changes
- Use dropdowns for safe search and format with proper ids
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
