fix: extract only hostname for favicon data-domain

data-domain was set to the full result URL (https://en.wikipedia.org/...). This caused /favicon/ to receive malformed domain strings. Now extracts u.Hostname() in FromResponse and passes it as Domain to result_item.html.
2026-03-23 14:56:51 +00:00 · 2026-03-23 14:56:51 +00:00 · 8f2fd671f1
commit 8f2fd671f1
parent b57a041b6a
2 changed files with 9 additions and 1 deletions
--- a/internal/views/views.go
+++ b/internal/views/views.go
@ -23,6 +23,7 @@ import (
 	"html/template"
 	"io/fs"
 	"net/http"
+	"net/url"
 	"strconv"
 	"strings"

@ -71,6 +72,8 @@ type ResultView struct {
 	// TemplateName is the actual template to dispatch to, computed from Template.
 	// "videos" maps to "video_item", everything else maps to "result_item".
 	TemplateName string
+	// Domain is the hostname extracted from the result URL, used for favicon proxying.
+	Domain string
 	// SafeTitle and SafeContent are HTML-unescaped versions for rendering.
 	// The API returns HTML entities which Go templates escape by default.
 	SafeTitle   template.HTML
@ -205,14 +208,19 @@ func FromResponse(resp contracts.SearchResponse, query string, pageno int, activ
 			tmplName = "video_item"
 		}
 		// Sanitize URLs to prevent javascript:/data: scheme injection.
+		var domain string
 		if r.URL != nil {
 			safe := util.SanitizeResultURL(*r.URL)
 			r.URL = &safe
+			if u, err := url.Parse(safe); err == nil {
+				domain = u.Hostname()
+			}
 		}
 		r.Thumbnail = util.SanitizeResultURL(r.Thumbnail)
 		pd.Results[i] = ResultView{
 			MainResult:   r,
 			TemplateName: tmplName,
+			Domain:       domain,
 			SafeTitle:    template.HTML(html.UnescapeString(r.Title)),
 			SafeContent:  template.HTML(html.UnescapeString(r.Content)),
 		}