Skip to content

fix: only protect URLs with explicit http(s):// from !s rewrites#60

Merged
zippy1981 merged 10 commits into
mainfrom
fix/url-protocol-required
May 5, 2026
Merged

fix: only protect URLs with explicit http(s):// from !s rewrites#60
zippy1981 merged 10 commits into
mainfrom
fix/url-protocol-required

Conversation

@davelindsay84

@davelindsay84 davelindsay84 commented May 5, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • The URL regex made the protocol optional ((https?:\/\/)?), so bare-domain mentions like fast.com were extracted as URL placeholders and shielded from !s.
  • Reported case: !s ast/uck against hit fast.com skipped the message entirely and rewrote the next eligible one (which contained last), producing a baffling result.
  • Fix: require the http:// or https:// prefix in URL_RE. Real links stay protected; casual domain references are searchable and replaceable.

Test plan

  • New extractUrls cases for fast.com and www.example.com (no extraction)
  • New replaceFirstMessage regression test: hit fast.com + !s ast/uckauthor hit f**uck**.com
  • Existing URL-protection tests (https://www.google.com/...) still pass — 141 tests green

🤖 Generated with Claude Code

David Lindsay and others added 10 commits May 2, 2026 09:53
@claude
fix: pass history.values() to replaceFirstMessage
01acf00 
Discord.js Collection iterates as [id, Message] pairs, not bare Messages.
Passing .values() gives replaceFirstMessage the Message objects it expects.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix: four correctness bugs — blocked-phrase bypass, empty-phrase scor…
1dedc17 
…ing, proxyAuthors leak

- config.js: trim whitespace from SearchPhrasesToBlock entries so that
  'bad, word' in the env var does not create a ' word' entry that silently
  bypasses the block
- replacer.js: apply normalizeUnicode to the replacement text before the
  blocked-phrase check, closing the curly-quote bypass
- scoring.js: guard parseScoreLine against bare '++' / '--' lines that
  would insert an empty-string phrase into the DB
- reactions.js: cap proxyAuthors Map at 1000 entries (FIFO eviction) to
  prevent unbounded growth over long uptime

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
feat: compact leaderboard format to match !trending
0fdf4db 
Output is now a single line: **👍 (30d)** 1. <@id1> 3, 2. <@id2> 2

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix: use single quotes in replacer test mock to satisfy linter
8107975 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
feat: normalize em dashes and all apostrophe variants to ASCII equiva…
8a5ebf5 
…lents

Adds U+201B and U+02BC to the Unicode normalizer so that modifier-letter
apostrophes (and other device-specific single-quote substitutions) match
regular apostrophes in searches and scored phrases. Applies normalizeUnicode
to phrase storage and lookup in scoring so that smart apostrophes and em
dashes typed in scored phrases are interchangeable across devices.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix: handle !leader with no space before custom emoji
fb7fc19 
Slicing by '!leader ' (with space) consumed the leading '<' of a
custom emoji when typed without a space, producing ':name:id>' as the
body instead of '<:name:id>'. The regex didn't match, key and display
were wrong, and the Easter-egg zero-results message echoed the broken
entity literally.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix: handle !leader with no space before custom emoji
c2b8c38 
Slicing by '!leader ' (with space) consumed the leading '<' of a
custom emoji when typed without a space, producing ':name:id>' as the
body instead of '<:name:id>'. The regex didn't match, key and display
were wrong, and the Easter-egg zero-results message echoed the broken
entity literally.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
Merge feature/existential-dread into main
b7be610 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix: only protect URLs with explicit http(s):// from !s rewrites
9868e00 
The URL extraction regex made the protocol optional, so bare-domain
mentions like "fast.com" were being shielded as URLs and skipped during
search. A user typing `!s ast/uck` against "hit fast.com" got no match
and the bot moved on to the next eligible message, which was confusing.

Require the http:// or https:// prefix so casual domain references stay
in plain text and are searchable/replaceable, while real links remain
protected.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@claude
fix: use single quotes in test files to satisfy linter
7724dfd 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@zippy1981 zippy1981 merged commit 9a38e9f into main May 5, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zippy1981 zippy1981 zippy1981 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@davelindsay84 @zippy1981