From 996bcdc90d7e3ad1e1b44ab384a37157c1cb2c45 Mon Sep 17 00:00:00 2001
From: Nazar Kanaev
Date: Tue, 8 Sep 2020 22:36:41 +0100
Subject: [PATCH] handle invalid feeds
---
 assets/javascripts/app.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/assets/javascripts/app.js b/assets/javascripts/app.js
index c5e5e39..70556ae 100644
--- a/assets/javascripts/app.js
+++ b/assets/javascripts/app.js
@@ -22,6 +22,9 @@ var debounce = function(callback, wait) {
 }
 var sanitize = function(content, base) {
+ // NOTE: `item.link` is not always a valid url
+ try { new URL(base) } catch(err) { base = null }
+
 var sanitizer = new DOMPurify
 sanitizer.addHook('afterSanitizeAttributes', function(node) {
 // set all elements owning target to target=_blank
@@ -32,9 +35,9 @@ var sanitize = function(content, base) {
 node.setAttribute('xlink:show', 'new')
 // set absolute urls
- if (node.attributes.href && node.attributes.href.value)
+ if (base && node.attributes.href && node.attributes.href.value)
 node.href = new URL(node.attributes.href.value, base).toString()
- if (node.attributes.src && node.attributes.src.value)
+ if (base && node.attributes.src && node.attributes.src.value)
 node.src = new URL(node.attributes.src.value, base).toString()
 })
 return sanitizer.sanitize(content, {FORBID_TAGS: ['style'], FORBID_ATTR: ['style', 'class']})
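Review bot: The added guard `try { new URL(base) } catch(err) { base = null }` keeps any `base` that parses as a URL, whatever its scheme. The hook in the second hunk writes `new URL(value, base)` back into `href` and `src` from `afterSanitizeAttributes`, that is after DOMPurify has already checked those attributes, and the NOTE says `base` is `item.link`, which presumably comes from the feed. I would keep `base` only when it is http(s), for example `try { if (!/^https?:$/.test(new URL(base).protocol)) base = null } catch(err) { base = null }`. The body of `sanitize` continues outside this hunk.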
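Review bot: `new URL(node.attributes.href.value, base)` can still throw when `base` is valid, because the attribute value itself may fail to parse; the `base &&` guards on the `href` and `src` branches do not cover that, so a single malformed link in an item would presumably still throw out of the hook. Wrapping each assignment, e.g. `try { node.href = new URL(node.attributes.href.value, base).toString() } catch(err) {}`, leaves the attribute as the sanitizer left it. When `base` is null, relative `href`/`src` values now stay relative and will resolve against the reader's own origin; a comment such as `// base unknown: relative urls are left as-is` would record that, or the attribute could be removed if that is not intended. The hook starts before this hunk.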