Skip to content

feat(ui): add media support and sanitization to Telegram feed (#101)#1458

Closed
lspassos1 wants to merge 1 commit intokoala73:mainfrom
lspassos1:feat/telegram-media-support
Closed

feat(ui): add media support and sanitization to Telegram feed (#101)#1458
lspassos1 wants to merge 1 commit intokoala73:mainfrom
lspassos1:feat/telegram-media-support

Conversation

@lspassos1
Copy link
Collaborator

@lspassos1 lspassos1 commented Mar 11, 2026

This PR enhances the Telegram Intel feed with media support and improved content safety.

Key changes:

  • Added support for displaying images and videos from Telegram posts.
  • Implemented lazy loading for media elements.
  • Integrated safeHtml() for sanitizing post content.
  • Added topic-based badge categorization.
  • Improved layout for multi-media layouts.

@vercel
Copy link

vercel bot commented Mar 11, 2026

@lspassos1 is attempting to deploy a commit to the Elie Team on Vercel.

A member of the Team first needs to authorize it.

@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Mar 11, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@koala73
Copy link
Owner

koala73 commented Mar 12, 2026

Hey @lspassos1, thanks for the continued contributions! Really appreciate how active you've been.

We reviewed this PR and have some feedback before we can merge:

Scope

This PR bundles several unrelated changes beyond the Telegram media support: font imports, map section overhaul, grid span selectors, vessel popup (USNI) styles, and fullscreen height tweaks. Could you split these into focused PRs? It makes review and rollback much easier.

Security

  • Unsanitized URL in window.open: The img src correctly uses sanitizeUrl(url), but the click handler passes the raw url:

    onClick: () => window.open(url, '_blank')

    Should be sanitizeUrl(url).

  • External CDN font imports: Adding @import url('https://fonts.googleapis.com/...') and cdn.jsdelivr.net in CSS is render-blocking and introduces third-party tracking. If these fonts are needed, they should go as <link rel="preload"> in index.html.

CSS Issues

  • The @import lines at the top have a leading space, which can cause them to be ignored by some CSS parsers (they must be the very first statements).
  • .telegram-intel-topic and .telegram-intel-time are each defined twice in the diff.
  • The map resize handle is set to display: none and all its styles removed. This drops existing functionality without explanation.

Logic

  • 600000 (10 min for "LIVE" status) should be a named constant.
  • response.enabled !== false is looser than the original response.enabled check (it's truthy for undefined/null). Was this intentional?
  • Does the TelegramItem type include mediaUrls? If not, the type definition needs updating.

Thanks again for the work here. The Telegram media support itself is solid. Let us know if you have questions on any of the above!

This was referenced Mar 12, 2026
Open
Merged
@koala73 koala73 closed this Mar 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@lspassos1 lspassos1

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lspassos1 @koala73