From e0d75f1b4afd51161a7b7e2870eb78276522ef87 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
<41898282+github-actions[bot]@users.noreply.github.com>
Date: Tue, 12 May 2026 18:41:44 +0000
Subject: [PATCH 1/2] fix(feed): sanitizeMediaUrl automatically upgrades http:// to https://
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
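The backend OgFetchService already upgrades og:image to https at fetch time; this is defense-in-depth:
- http:// covers in historical data that has not been backfilled can still be displayed in feed cards
- when the LLM fallback backfill or a future new site adapter misses the https upgrade, the frontend adds a safety net
- an HTTPS page loading an http:// image gets blocked by the mixed-content policy and shows as a broken image;
this is exactly the symptom of the two Xiaohongshu cards on production /feed
Relative paths ("/x.jpg") and URLs that are already https are left untouched; non-http(s) schemes are rejected
by the allowlist at the sanitize stage and never reach the upgrade branch.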
---
lib/url-safety.ts | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/lib/url-safety.ts b/lib/url-safety.ts
index 1b8a20e7..9745d992 100644
--- a/lib/url-safety.ts
+++ b/lib/url-safety.ts
@@ -49,9 +49,20 @@ export function sanitizeExternalUrl(
* 媒体(
/
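Review bot: the diffstat lists only lib/url-safety.ts, so the 12 lines added in the hunk at @@ -49,9 +49,20 arrive without tests in this patch, and the three behaviours the commit message promises (http:// upgraded to https://, relative paths such as "/x.jpg" left untouched, non-http(s) schemes rejected by the allowlist before the upgrade branch) are not pinned down here. Suggest adding unit tests for sanitizeMediaUrl covering each of those cases plus an http:// URL with an explicit port, and stating in the doc comment above the function that the upgrade assumes the host serves the same resource over https, since a host that does not will still render as a broken image.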