fix: harden extension security and plugin reliability

Address audit findings across background handlers, openers,
plugins, and UI: URL allowlists, XSS reductions, popup lifecycle
fixes, plugin dispose/cleanup, cloud sync hardening, global search
mathjs sandbox, and settings storage fixes.
2026-06-17 10:50:26 +09:30
parent 0e696e0175
commit 8a5424c5a4
70 changed files with 1229 additions and 430 deletions
+20 -6
@@ -1,5 +1,7 @@
import Parser from "rss-parser";
const MAX_RATE_LIMIT_RETRIES = 3;
/**
* Fetches news articles specifically for Australia from the NewsAPI.
*
@@ -13,15 +15,23 @@ import Parser from "rss-parser";
* to send the fetched news data back to the caller.
* It's called with an object like `{ news: responseData }`.
*/
const fetchAustraliaNews = async (url: string, sendResponse: any) => {
const fetchAustraliaNews = async (
url: string,
sendResponse: any,
rateLimitRetryCount = 0,
) => {
fetch(url)
.then((result) => result.json())
.then((response) => {
if (response.code == "rateLimited") {
fetchAustraliaNews((url += "%00"), sendResponse);
if (response.code == "rateLimited" && rateLimitRetryCount < MAX_RATE_LIMIT_RETRIES) {
fetchAustraliaNews(`${url}%00`, sendResponse, rateLimitRetryCount + 1);
} else {
sendResponse({ news: response });
}
})
.catch((error) => {
console.error("[BetterSEQTA+] Failed to fetch Australia news", error);
sendResponse({ news: { articles: [] } });
});
};
@@ -99,13 +109,14 @@ export async function fetchNews(source: string | undefined, sendResponse: any) {
if (normalizedSource === "australia") {
const date = new Date();
date.setDate(date.getDate() - 5);
const from =
date.getFullYear() +
"-" +
(date.getMonth() + 1) +
String(date.getMonth() + 1).padStart(2, "0") +
"-" +
(date.getDate() - 5);
String(date.getDate()).padStart(2, "0");
const url = `https://newsapi.org/v2/everything?domains=abc.net.au&from=${from}&apiKey=17c0da766ba347c89d094449504e3080`;
fetchAustraliaNews(url, sendResponse);
@@ -115,7 +126,6 @@ export async function fetchNews(source: string | undefined, sendResponse: any) {
const parser = new Parser();
let feeds: string[];
console.log("fetchNews", normalizedSource);
if (rssFeedsByCountry[normalizedSource.toLowerCase()]) {
feeds = rssFeedsByCountry[normalizedSource.toLowerCase()];
@@ -129,6 +139,10 @@ export async function fetchNews(source: string | undefined, sendResponse: any) {
const articlesPromises = feeds.map(async (feedUrl) => {
try {
const response = await fetch(feedUrl);
if (!response.ok) {
console.error(`Failed to fetch RSS feed: ${feedUrl} (${response.status})`);
return [];
}
const feedString = await response.text();
const feed = await parser.parseString(feedString);
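Review bot: The NewsAPI URL in the `@@ -99,13 +109,14 @@` hunk still embeds a literal `apiKey=` value, which this hardening commit leaves untouched while fixing the `from` date beside it. A key bundled into an extension is readable by anyone who installs it and also ends up in request URLs and logs, so it should be rotated and supplied at runtime instead, for example from a user setting or a small proxy: `const url = \`https://newsapi.org/v2/everything?domains=abc.net.au&from=${from}&apiKey=${apiKey}\`;`. In `fetchAustraliaNews`, once `rateLimitRetryCount` reaches `MAX_RATE_LIMIT_RETRIES` the `else` branch forwards the rate-limit error object as `news`, whereas the new `.catch` sends `{ news: { articles: [] } }`; returning the empty shape in both cases would give callers one format to handle. `fetchNews` starts and ends outside the hunks shown, so how the key and the response are used elsewhere is not visible here.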