From 8f2fd671f1339f3a42a7e0253bea97b85ff3910d Mon Sep 17 00:00:00 2001
From: Franz Kafka <kafka@ashisgreat.xyz>
Date: Mon, 23 Mar 2026 14:56:51 +0000
Subject: [PATCH] fix: extract only hostname for favicon data-domain

data-domain was set to the full result URL (https://en.wikipedia.org/...).
This caused /favicon/ to receive malformed domain strings.

Now extracts u.Hostname() in FromResponse and passes it as Domain
to result_item.html.
---
 internal/views/templates/result_item.html | 2 +-
 internal/views/views.go                   | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/internal/views/templates/result_item.html b/internal/views/templates/result_item.html
index 33f5e8c..3b0b52f 100644
--- a/internal/views/templates/result_item.html
+++ b/internal/views/templates/result_item.html
@@ -4,7 +4,7 @@
     <a href="{{.URL}}" target="_blank" rel="noopener noreferrer">{{.SafeTitle}}</a>
   </div>
   <div class="result_url">
-    <img class="result-favicon" data-domain="{{.URL}}" src="" alt="" loading="lazy" style="display:none">
+    <img class="result-favicon" data-domain="{{.Domain}}" src="" alt="" loading="lazy" style="display:none">
     <a href="{{.URL}}" target="_blank" rel="noopener noreferrer">{{.URL}}</a>
     <span class="engine-badge" data-engine="{{.Engine}}">{{.Engine}}</span>
   </div>
diff --git a/internal/views/views.go b/internal/views/views.go
index 9715ff7..e7ce360 100644
--- a/internal/views/views.go
+++ b/internal/views/views.go
@@ -23,6 +23,7 @@ import (
 	"html/template"
 	"io/fs"
 	"net/http"
+	"net/url"
 	"strconv"
 	"strings"
 
@@ -71,6 +72,8 @@ type ResultView struct {
 	// TemplateName is the actual template to dispatch to, computed from Template.
 	// "videos" maps to "video_item", everything else maps to "result_item".
 	TemplateName string
+	// Domain is the hostname extracted from the result URL, used for favicon proxying.
+	Domain string
 	// SafeTitle and SafeContent are HTML-unescaped versions for rendering.
 	// The API returns HTML entities which Go templates escape by default.
 	SafeTitle   template.HTML
@@ -205,14 +208,19 @@ func FromResponse(resp contracts.SearchResponse, query string, pageno int, activ
 			tmplName = "video_item"
 		}
 		// Sanitize URLs to prevent javascript:/data: scheme injection.
+		var domain string
 		if r.URL != nil {
 			safe := util.SanitizeResultURL(*r.URL)
 			r.URL = &safe
+			if u, err := url.Parse(safe); err == nil {
+				domain = u.Hostname()
+			}
 		}
 		r.Thumbnail = util.SanitizeResultURL(r.Thumbnail)
 		pd.Results[i] = ResultView{
 			MainResult:   r,
 			TemplateName: tmplName,
+			Domain:       domain,
 			SafeTitle:    template.HTML(html.UnescapeString(r.Title)),
 			SafeContent:  template.HTML(html.UnescapeString(r.Content)),
 		}