Observation
This looks like another content moderation gap. The public endpoint https://halupedia.com/api/index appears to return titles that include abusive or derogatory terms.
Why this is happening
The endpoint currently returns article-index entries from KV as-is and does not check the latest article moderation status before serializing results. If an entry is pending moderation or has not yet been removed in a sweep, it can still be visible in the index list.
Impact
- Offensive content is visible in a public API response.
- The list surface amplifies exposure compared to single-page rendering.
- Moderation becomes reactive (visible first, removed later) for
/api/index.
Suggested fix
- Filter
/api/index items against article_moderation status before returning each page.
- Keep pagination behavior (
cursor, total) consistent after filtering.
- Optionally add a stricter allow/sensitivity policy for index exposure if this endpoint is public.
- Include this in the broader security hardening checklist with expected behavior.
Related context
This is related to issue #12 and the moderation request in #13 (offensive /gas-the-jews/ content path).
Observation
This looks like another content moderation gap. The public endpoint
https://halupedia.com/api/indexappears to return titles that include abusive or derogatory terms.Why this is happening
The endpoint currently returns article-index entries from KV as-is and does not check the latest article moderation status before serializing results. If an entry is pending moderation or has not yet been removed in a sweep, it can still be visible in the index list.
Impact
/api/index.Suggested fix
/api/indexitems againstarticle_moderationstatus before returning each page.cursor,total) consistent after filtering.Related context
This is related to issue #12 and the moderation request in #13 (offensive
/gas-the-jews/content path).