2026-03-16 — logs.gokuls.in

March 16, 2026

2 pull requests merged across 1 repo

bahdotsh/mdterm

fix: navigate to heading for internal anchor links

Internal anchor links (e.g. foo) now navigate to the matching heading instead of being blocked as unsupported URL schemes
Adds a heading_to_slug() function that converts heading text to GitHub-style anchor slugs for matching
Closes #14

Test plan

Open a markdown file containing internal anchor links (e.g. foo with a # foo heading)
Open the link picker (l), select the anchor link, and verify it scrolls to the heading
Verify external links (http://, https://, mailto:) still open normally
Verify headings with special characters and mixed case match correctly

fix: harden against XSS, SSRF, panics, and overflow vulnerabilities

Address 8 issues from security audit: fix underflow in diagram parser, prevent Kitty ID overflow, bound stdin to 100MB, sanitize URLs in HTML export to block javascript:/vbscript: XSS, expand SSRF blocklist with .local/.localhost/.internal/::ffff: patterns, make encode_png fallible, add clipboard command timeout, and use unicode-width for correct CJK/ emoji column widths.