fix: 修復 Substack/Cloudinary CDN 圖片 URL 的編碼問題

[cowcfj]

Pull Request

📋 變更描述

修復 Substack 和 Cloudinary CDN 圖片 URL 在處理過程中因 percent-encoded URL 而導致的顯示問題。

🎯 變更類型

• 🐛 Bug 修復 (Bug Fix)

🤖 提交者聲明

• 👨‍💻 由人類開發者手動提交

✅ 提交前檢查清單

• PR 標題合規: 我的 PR 標題確實遵循 Conventional Commits 規範 (如 feat: , fix: , refactor: )，以確保 release-please 正常分析版本號。
• 流程與安全自評: 我已閱讀並確認變更符合 PR_WORKFLOW.md 中的測試規範、代碼規範與安全性指引。

🔗 相關 Issue

Closes #

變更

• 偵測並保留 CDN URL 中的嵌入式 percent-encoded URL，避免解碼導致路徑結構破壞。
• 更新 _normalizeUrlInternal 函數以處理特定的 CDN URL 格式。

測試

• 新增三個測試案例以覆蓋 Substack 和 Cloudinary URL 格式。
• 全部 245 個現有測試通過，無回歸。

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

此 PR 主要修復了圖片 URL 在標準化過程中，因錯誤解碼嵌入式 percent-encoded URL 而導致路徑結構損壞的問題。透過在處理流程中加入特定 CDN 格式的偵測邏輯，確保這類 URL 能被正確保留，並透過新增單元測試驗證了修復的有效性與穩定性。

Highlights

• CDN URL 處理優化: 在 imageUtils.js 中新增了對嵌入式 percent-encoded URL 的偵測機制，防止 decodeURI 錯誤地解碼 CDN 代理路徑。
• 測試覆蓋率提升: 於測試套件中新增了針對 Substack 與 Cloudinary URL 格式的測試案例，確保 CDN 圖片路徑結構的完整性。

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov]

Codecov Report

❌ Patch coverage is 84.21053% with 3 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
scripts/utils/imageUtils.js	83.33%	3 Missing ⚠️

📢 Thoughts on this report? Let us know!

[gemini-code-assist]

Code Review

此拉取請求在 imageUtils.js 中新增了對 CDN 代理 URL（如 Substack 和 Cloudinary）的偵測邏輯，防止 decodeURI 破壞其中嵌入的編碼 URL 結構，並同步更新了單元測試。審閱意見指出，目前的實作因直接回傳而跳過了後續針對 Notion 相容性的特殊字元編碼處理，建議在回傳前仍應執行字元替換以確保 URL 在 Markdown 環境下的穩定性。

[coderabbitai]

Warning

Rate limit exceeded

@cowcfj has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 2 minutes and 41 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 2 minutes and 41 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 9ee1f30e-1887-4911-af4c-e88a24ced442

📥 Commits

Reviewing files that changed from the base of the PR and between 7677b73 and 9087798.

📒 Files selected for processing (2)

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

📝 Walkthrough

Walkthrough

在 scripts/utils/imageUtils.js 中增强了 URL 规范化与提取逻辑：新增从 scripts/config/extraction.js 导入的常量 EMBEDDED_URL_ENCODED_HTTP_PROTOCOL_REGEX，并在 _normalizeUrlInternal(url) 中加入守卫——当检测到路径中包含嵌入的百分号编码 HTTP/HTTPS 协议（如 https%3A%2F%2F）时，跳过 decode/再 encode 的流程，仅对 Markdown/Notion 敏感字符进行编码后返回。新增 _isPlausibleImageUrl(url) 用于校验 srcset 解析产物以避免因 CDN 转换参数中的逗号导致的截断错误，调整 extractImageSrc(imgNode) 的控制流：优先尝试 srcset 且通过校验时才使用，否则回退到已有的 src/picture/background/noscript/anchor 提取链。新增并扩展了针对 CDN/代理 URL 场景的单元测试，且在 scripts/config/extraction.js 中导出新的正则常量。

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat: 重構 NotionService 圖片過濾邏輯及更新 API 路徑 #208: 修改了 scripts/utils/imageUtils.js 中的图像 URL 验证/提取逻辑（导入与函数变更），与本次对 imageUtils 的调整在代码层面高度相关。

Suggested labels

Review effort 3/5

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	PR 描述包含變更描述、變更類型選項、檢查清單等主要部分，但部分必要字段缺失或未完成（提交者聲明未勾選、PR 標題合規檢查未勾選、相關 Issue 未填寫），降低了完整性。	建議完成所有檢查清單項目：勾選提交者聲明、確認 PR 標題合規、補充相關 Issue 編號，確保流程完整性。

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	PR 標題明確指出修復 Substack/Cloudinary CDN 圖片 URL 的編碼問題，與變更內容（處理 percent-encoded URL、修復 srcset 截斷等）高度相關，並遵循 Conventional Commits 規範。
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/utils/imageUtils.js`:
- Line 168: Extract the inline regex /https?%3A%2F%2F/i into a named constant
(e.g., EMBEDDED_URL_ENCODED_REGEX) defined and exported from your dedicated
constants module, import that constant into scripts/utils/imageUtils.js and
replace the inline usage in the conditional that tests normalized with the
imported constant; ensure the constant name clearly indicates it matches
URL-encoded "http(s)://" so future maintenance and reuse are straightforward.

In `@tests/unit/imageUtils.utils.test.js`:
- Around line 88-92: The test title says it should verify isValidCleanedImageUrl
but the assertion calls isValidImageUrl; update the test so the name and the
assertion match — either rename the test to reference isValidImageUrl or change
the assertion to call isValidCleanedImageUrl (and keep the URL and expectation
the same); locate this in the test containing cleanImageUrl,
isValidCleanedImageUrl, and isValidImageUrl to make the alignment consistent.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1c7e54ea-9867-40c2-bc25-463159183b89

📥 Commits

Reviewing files that changed from the base of the PR and between 3f71932 and 0990b67.

📒 Files selected for processing (2)

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

📜 Review details

🧰 Additional context used

📓 Path-based instructions (11)

**/*.js

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

此專案為 Chrome Extension (Manifest V3)，必須使用 Vanilla JavaScript (ES6+ Modules) 作為核心語言，CommonJS 用於 Node 腳本。

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

禁止使用 TypeScript（除非明確要求）、React、Vue、Webpack。

Do not use console.log() statements in production code

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php,md}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/linter_rules.json)

Use Traditional Chinese (zh-TW) for all code comments, documentation, and string content, with strict enforcement except for technical terms and variable names

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/linter_rules.json)

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php}: Do not use magic numbers in code; extract them to constants defined in a dedicated constants module
Use a dedicated constants module for defining and exporting all constant values

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/security_rules.json)

**/*.{js,ts,jsx,tsx}: Force strict whitelisting for file downloads: appended files must be restricted to '.json' or '.txt' extensions with explicitly designated MIME types. Never use arbitrary user input for filenames to prevent Reflected File Download (RFD) attacks.
Always prefer textContent for DOM operations. If SVG mixed content requires text updates, find the TEXT_NODE and update its textContent rather than using innerHTML on the parent.
Rely on LogSanitizer to strip sensitive properties (like sender, tab, PII) before emitting logs in production.

Follow the project's ESLint configuration and do not emit DeepSource (skipcq) comments.

**/*.{js,ts,jsx,tsx}: Reject PR if attempting to log complete sender, tab, request objects or raw HTML content. Require using IDs only (e.g., sender?.id, tab?.id), and wrapping URLs with sanitizeUrlForLogging() and API errors with sanitizeApiError().
Reject PR if attempting to store large HTML content, Base64 images, or heavy payloads into chrome.storage.sync. Require storing large payloads in chrome.storage.local or IndexedDB.
Reject PR if introducing new core business logic without corresponding unit or E2E tests. Require TDD and ensure Codecov checks do not fail (< 50%).
Avoid exposing internal-only, non-actionable, non-blocking cleanup/reconciliation/retry failures directly as user-facing errors. Keep the canonical user-facing state, log the internal failure, and handle retry/recovery inside the relevant service or canonical path unless the failure truly blocks the user's next action.
Verify all Logger.info/error calls correctly sanitize data with no PII and no raw HTML.
Verify cache and large data usage strictly targets chrome.storage.local rather than chrome.storage.sync.

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/debugging_rules.json)

**/*.{ts,tsx,js,jsx}: Use Logger.success(msg, ctx?) for operation success confirmation in Notion Chrome Extension. Output prefix: [INFO] ✅. The Logger class auto-manages the emoji icon.
Use Logger.start(msg, ctx?) for process launch notifications in Notion Chrome Extension. Output prefix: [INFO] 🚀. The Logger class auto-manages the emoji icon.
Use Logger.ready(msg, ctx?) for module or resource readiness notifications in Notion Chrome Extension. Output prefix: [INFO] 📦. The Logger class auto-manages the emoji icon.
Use Logger.info(msg, ctx?) for general informational messages in Notion Chrome Extension. Output prefix: [INFO]. No auto-managed emoji icon.
Use Logger.debug(msg, ctx?) for development debugging in Notion Chrome Extension. Output prefix: [DEBUG]. Controlled by enableDebugLogs switch.
Use Logger.warn(msg, ctx?) for non-fatal warnings in Notion Chrome Extension. Output prefix: [WARN] ⚠️. The Logger class auto-manages the emoji icon.
Use Logger.error(msg, ctx?) for error recording in Notion Chrome Extension. Output prefix: [ERROR] ❌. The Logger class auto-manages the emoji icon. Always displayed regardless of debug switch.
Do NOT manually insert emoji icons (✅, 🚀, 📦, ⚠️, ❌) into log messages. The Logger class auto-manages these icons. Only manually use special semantic emoji like 🔍 (search) or 🗑️ (delete) when needed for semantic clarity.
Use 'action' field in Logger context to record public API function names (e.g., 'loadHighlights', 'savePage') for structured logging in Notion Chrome Extension.
Use 'operation' field in Logger context to record internal operation steps (e.g., 'parseLocalStorage', 'buildUrl') for structured logging in Notion Chrome Extension.
Use 'phase' field in Logger context (optional) to record execution stages (e.g., 'validation', 'apiCall') for structured logging in Notion Chrome Extension.
Use 'result' field in Logger context to record operation results (e.g., 'blocked', 'success', 'failed') for structured logging in Notion Chr...

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*.{js,ts,jsx,tsx,md}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/code_review_rules.json)

Maintain code comments and documentation in Traditional Chinese.

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*

⚙️ CodeRabbit configuration file

**/*: # Project Specific Guidelines

1. Language: All user-facing UI text, strings, and messages MUST be in Traditional Chinese (zh-TW).
2. Architecture: Follow the defined storage structures and specs. Do not introduce unauthorized storage fields.
3. Code Quality: Avoid N+1 issues, blocking operations, and ensure high code quality. Suggest optimizations that follow modern JavaScript/Chrome Extension best practices.

Files:

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

**/*.test.js

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

單元測試邏輯使用 Jest，需要使用 Mocking patterns。

Files:

• tests/unit/imageUtils.utils.test.js

**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/debugging_rules.json)

**/*.{test,spec}.{ts,tsx,js,jsx}: Run failing tests with command 'npx jest <path/to/test.js> --no-coverage' instead of full test suites in Notion Chrome Extension for faster feedback loops during logic fixes.
When mocking objects in Notion Chrome Extension tests, ensure mock object depth is sufficient. For example, mocking an img tag requires including 'dataset: {}' property.
When mocking Logger in Notion Chrome Extension tests, ensure all methods (success, start, ready, info, debug, warn, error) are defined as jest.fn() in the mock setup.
In Notion Chrome Extension tests using ErrorHandler.formatUserMessage, target assertions against Chinese strings (user-facing messages) rather than original English API messages for I18N awareness.
In Notion Chrome Extension tests, avoid vague string matching for Logger assertions. Use 'expect.objectContaining' to assert exact expected metadata objects for Logger calls.

Files:

• tests/unit/imageUtils.utils.test.js

**/*.{test,spec}.{js,ts}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/testing_rules.json)

**/*.{test,spec}.{js,ts}: Always reference data structures (HTML snippets, Notion JSON responses) from .agents/.shared/references/ instead of hardcoding large payloads in test files.
Use .agents/.shared/references/notion_api/ for Notion block structures and database properties in test fixtures.
Do not mutate window.chrome directly. Override global.chrome for mocking Chrome API in tests.
Declare mock variables and spies at the top level and initialize them in beforeEach for Chrome API mocking setup.
Execute jest.clearAllMocks() and clean up global.chrome in afterEach to prevent test pollution.

Files:

• tests/unit/imageUtils.utils.test.js

🧠 Learnings (3)

📓 Common learnings

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-02-26T20:59:55.454Z
Learning: Commit Message 必須使用繁體中文，若變更的檔案僅包含測試程式碼（如 .test.js, .spec.js, tests/ 目錄），則必須使用 `test` 類型，絕不可以使用 `feat` 或 `fix`。

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : When mocking objects in Notion Chrome Extension tests, ensure mock object depth is sufficient. For example, mocking an img tag requires including 'dataset: {}' property.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : In Notion Chrome Extension tests using ErrorHandler.formatUserMessage, target assertions against Chinese strings (user-facing messages) rather than original English API messages for I18N awareness.

Applied to files:

• tests/unit/imageUtils.utils.test.js

🔇 Additional comments (2)

scripts/utils/imageUtils.js (1)

162-170: 這段早退判斷修復方向正確。

保留路徑中的嵌入式 percent-encoded URL，能避免 decodeURI 將 %3A%2F%2F 還原成 :// 後破壞 CDN 路徑語義。

tests/unit/imageUtils.utils.test.js (1)

70-93: 新增的 CDN 代理 URL 測試覆蓋很到位。

這批案例直接鎖定 %3A%2F%2F 路徑保留行為，能有效防止同類回歸。

[coderabbitai]

♻️ Duplicate comments (1)

tests/unit/imageUtils.utils.test.js (1)

97-101: ⚠️ Potential issue | 🟡 Minor

測試名稱與實際斷言目標不一致。

Line 97 名稱寫的是 isValidCleanedImageUrl，但 Line 101 斷言實際呼叫 isValidImageUrl。請擇一對齊，避免誤讀。

✏️ 建議調整

-    test('cleanImageUrl 對 Substack URL 應通過 isValidCleanedImageUrl 驗證', () => {
+    test('Substack URL 應通過 isValidImageUrl 驗證', () => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tests/unit/imageUtils.utils.test.js` around lines 97 - 101, Test title and
assertion disagree: the test description mentions isValidCleanedImageUrl but the
assertion calls isValidImageUrl. Fix by making the assertion and title
consistent—either change the expect(...) call to use isValidCleanedImageUrl or
rename the test string to reference isValidImageUrl; update the test description
(the string passed to test(...)) and/or the expectation call (isValidImageUrl →
isValidCleanedImageUrl) so the test name and the function under test match.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@tests/unit/imageUtils.utils.test.js`:
- Around line 97-101: Test title and assertion disagree: the test description
mentions isValidCleanedImageUrl but the assertion calls isValidImageUrl. Fix by
making the assertion and title consistent—either change the expect(...) call to
use isValidCleanedImageUrl or rename the test string to reference
isValidImageUrl; update the test description (the string passed to test(...))
and/or the expectation call (isValidImageUrl → isValidCleanedImageUrl) so the
test name and the function under test match.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: fb0c5b0b-a676-4f66-9ad4-088f676a0fee

📥 Commits

Reviewing files that changed from the base of the PR and between 0990b67 and 95df3ab.

📒 Files selected for processing (3)

• scripts/config/extraction.js
• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

📜 Review details

🧰 Additional context used

📓 Path-based instructions (11)

**/*.js

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

此專案為 Chrome Extension (Manifest V3)，必須使用 Vanilla JavaScript (ES6+ Modules) 作為核心語言，CommonJS 用於 Node 腳本。

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

禁止使用 TypeScript（除非明確要求）、React、Vue、Webpack。

Do not use console.log() statements in production code

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php,md}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/linter_rules.json)

Use Traditional Chinese (zh-TW) for all code comments, documentation, and string content, with strict enforcement except for technical terms and variable names

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/linter_rules.json)

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php}: Do not use magic numbers in code; extract them to constants defined in a dedicated constants module
Use a dedicated constants module for defining and exporting all constant values

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/security_rules.json)

**/*.{js,ts,jsx,tsx}: Force strict whitelisting for file downloads: appended files must be restricted to '.json' or '.txt' extensions with explicitly designated MIME types. Never use arbitrary user input for filenames to prevent Reflected File Download (RFD) attacks.
Always prefer textContent for DOM operations. If SVG mixed content requires text updates, find the TEXT_NODE and update its textContent rather than using innerHTML on the parent.
Rely on LogSanitizer to strip sensitive properties (like sender, tab, PII) before emitting logs in production.

Follow the project's ESLint configuration and do not emit DeepSource (skipcq) comments.

**/*.{js,ts,jsx,tsx}: Reject PR if attempting to log complete sender, tab, request objects or raw HTML content. Require using IDs only (e.g., sender?.id, tab?.id), and wrapping URLs with sanitizeUrlForLogging() and API errors with sanitizeApiError().
Reject PR if attempting to store large HTML content, Base64 images, or heavy payloads into chrome.storage.sync. Require storing large payloads in chrome.storage.local or IndexedDB.
Reject PR if introducing new core business logic without corresponding unit or E2E tests. Require TDD and ensure Codecov checks do not fail (< 50%).
Avoid exposing internal-only, non-actionable, non-blocking cleanup/reconciliation/retry failures directly as user-facing errors. Keep the canonical user-facing state, log the internal failure, and handle retry/recovery inside the relevant service or canonical path unless the failure truly blocks the user's next action.
Verify all Logger.info/error calls correctly sanitize data with no PII and no raw HTML.
Verify cache and large data usage strictly targets chrome.storage.local rather than chrome.storage.sync.

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/debugging_rules.json)

**/*.{ts,tsx,js,jsx}: Use Logger.success(msg, ctx?) for operation success confirmation in Notion Chrome Extension. Output prefix: [INFO] ✅. The Logger class auto-manages the emoji icon.
Use Logger.start(msg, ctx?) for process launch notifications in Notion Chrome Extension. Output prefix: [INFO] 🚀. The Logger class auto-manages the emoji icon.
Use Logger.ready(msg, ctx?) for module or resource readiness notifications in Notion Chrome Extension. Output prefix: [INFO] 📦. The Logger class auto-manages the emoji icon.
Use Logger.info(msg, ctx?) for general informational messages in Notion Chrome Extension. Output prefix: [INFO]. No auto-managed emoji icon.
Use Logger.debug(msg, ctx?) for development debugging in Notion Chrome Extension. Output prefix: [DEBUG]. Controlled by enableDebugLogs switch.
Use Logger.warn(msg, ctx?) for non-fatal warnings in Notion Chrome Extension. Output prefix: [WARN] ⚠️. The Logger class auto-manages the emoji icon.
Use Logger.error(msg, ctx?) for error recording in Notion Chrome Extension. Output prefix: [ERROR] ❌. The Logger class auto-manages the emoji icon. Always displayed regardless of debug switch.
Do NOT manually insert emoji icons (✅, 🚀, 📦, ⚠️, ❌) into log messages. The Logger class auto-manages these icons. Only manually use special semantic emoji like 🔍 (search) or 🗑️ (delete) when needed for semantic clarity.
Use 'action' field in Logger context to record public API function names (e.g., 'loadHighlights', 'savePage') for structured logging in Notion Chrome Extension.
Use 'operation' field in Logger context to record internal operation steps (e.g., 'parseLocalStorage', 'buildUrl') for structured logging in Notion Chrome Extension.
Use 'phase' field in Logger context (optional) to record execution stages (e.g., 'validation', 'apiCall') for structured logging in Notion Chrome Extension.
Use 'result' field in Logger context to record operation results (e.g., 'blocked', 'success', 'failed') for structured logging in Notion Chr...

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,jsx,tsx,md}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/code_review_rules.json)

Maintain code comments and documentation in Traditional Chinese.

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*

⚙️ CodeRabbit configuration file

**/*: # Project Specific Guidelines

1. Language: All user-facing UI text, strings, and messages MUST be in Traditional Chinese (zh-TW).
2. Architecture: Follow the defined storage structures and specs. Do not introduce unauthorized storage fields.
3. Code Quality: Avoid N+1 issues, blocking operations, and ensure high code quality. Suggest optimizations that follow modern JavaScript/Chrome Extension best practices.

Files:

• scripts/config/extraction.js
• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.test.js

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

單元測試邏輯使用 Jest，需要使用 Mocking patterns。

Files:

• tests/unit/imageUtils.utils.test.js

**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/debugging_rules.json)

**/*.{test,spec}.{ts,tsx,js,jsx}: Run failing tests with command 'npx jest <path/to/test.js> --no-coverage' instead of full test suites in Notion Chrome Extension for faster feedback loops during logic fixes.
When mocking objects in Notion Chrome Extension tests, ensure mock object depth is sufficient. For example, mocking an img tag requires including 'dataset: {}' property.
When mocking Logger in Notion Chrome Extension tests, ensure all methods (success, start, ready, info, debug, warn, error) are defined as jest.fn() in the mock setup.
In Notion Chrome Extension tests using ErrorHandler.formatUserMessage, target assertions against Chinese strings (user-facing messages) rather than original English API messages for I18N awareness.
In Notion Chrome Extension tests, avoid vague string matching for Logger assertions. Use 'expect.objectContaining' to assert exact expected metadata objects for Logger calls.

Files:

• tests/unit/imageUtils.utils.test.js

**/*.{test,spec}.{js,ts}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/testing_rules.json)

**/*.{test,spec}.{js,ts}: Always reference data structures (HTML snippets, Notion JSON responses) from .agents/.shared/references/ instead of hardcoding large payloads in test files.
Use .agents/.shared/references/notion_api/ for Notion block structures and database properties in test fixtures.
Do not mutate window.chrome directly. Override global.chrome for mocking Chrome API in tests.
Declare mock variables and spies at the top level and initialize them in beforeEach for Chrome API mocking setup.
Execute jest.clearAllMocks() and clean up global.chrome in afterEach to prevent test pollution.

Files:

• tests/unit/imageUtils.utils.test.js

🧠 Learnings (6)

📓 Common learnings

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-02-26T20:59:55.454Z
Learning: Commit Message 必須使用繁體中文，若變更的檔案僅包含測試程式碼（如 .test.js, .spec.js, tests/ 目錄），則必須使用 `test` 類型，絕不可以使用 `feat` 或 `fix`。

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : In Notion Chrome Extension tests using ErrorHandler.formatUserMessage, target assertions against Chinese strings (user-facing messages) rather than original English API messages for I18N awareness.

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : In Notion Chrome Extension tests using ErrorHandler.formatUserMessage, target assertions against Chinese strings (user-facing messages) rather than original English API messages for I18N awareness.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : When mocking objects in Notion Chrome Extension tests, ensure mock object depth is sufficient. For example, mocking an img tag requires including 'dataset: {}' property.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : In Notion Chrome Extension tests, avoid vague string matching for Logger assertions. Use 'expect.objectContaining' to assert exact expected metadata objects for Logger calls.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-23T04:16:46.480Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/code_review_rules.json:0-0
Timestamp: 2026-03-23T04:16:46.480Z
Learning: Applies to **/*.{js,ts,jsx,tsx} : Verify all Logger.info/error calls correctly sanitize data with no PII and no raw HTML.

Applied to files:

• scripts/utils/imageUtils.js

📚 Learning: 2026-03-23T04:16:46.480Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/code_review_rules.json:0-0
Timestamp: 2026-03-23T04:16:46.480Z
Learning: Applies to **/*.{js,ts,jsx,tsx} : Reject PR if attempting to log complete sender, tab, request objects or raw HTML content. Require using IDs only (e.g., sender?.id, tab?.id), and wrapping URLs with sanitizeUrlForLogging() and API errors with sanitizeApiError().

Applied to files:

• scripts/utils/imageUtils.js

🔇 Additional comments (4)

scripts/config/extraction.js (1)

98-98: 嵌入式協議偵測 regex 抽成常數做得很好。

此做法讓後續在 URL 正規化流程中重用更一致，也降低維護成本。

tests/unit/imageUtils.utils.test.js (1)

70-95: CDN 代理 URL 回歸覆蓋補得很完整。

Substack、Cloudinary 與 Markdown 敏感字元情境都有覆蓋，對這次修復很有保護力。

scripts/utils/imageUtils.js (2)

10-13: 常數改由配置模組匯入，方向正確。

避免在工具函式中散落規則，後續維護與重用性更好。

---

165-174: CDN 嵌入式 encoded URL 的保護分支實作正確。

這段能有效避免 decodeURI() 破壞 Substack/Cloudinary 類型路徑，同時仍保留 Markdown/Notion 必要編碼。

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

scripts/utils/imageUtils.js (1)

865-865: 🛠️ Refactor suggestion | 🟠 Major

避免重複內嵌 regex，改用既有常數以防規則漂移。

此處直接寫 /%3A%2F%2F/i，建議重用 EMBEDDED_URL_ENCODED_HTTP_PROTOCOL_REGEX。

As per coding guidelines: Do not use magic numbers in code; extract them to constants defined in a dedicated constants module 與 Use a dedicated constants module for defining and exporting all constant values.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@scripts/utils/imageUtils.js` at line 865, Replace the inline regex
/%3A%2F%2F/i in the conditional with the shared constant
EMBEDDED_URL_ENCODED_HTTP_PROTOCOL_REGEX to avoid duplicated regex definitions;
import that constant from the module that exports it (where other regex
constants live) and use EMBEDDED_URL_ENCODED_HTTP_PROTOCOL_REGEX.test(url) in
the if condition (keeping the existing negated /^https?:\/\//i check), ensuring
you remove the hardcoded literal so the code consistently uses the centralized
constant.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/utils/imageUtils.js`:
- Around line 857-866: The function _isPlausibleImageUrl currently rejects URLs
containing percent-encoded "://” if they don’t start with http(s)://, which
incorrectly excludes protocol-relative URLs like //substackcdn.com/...; update
the conditional that checks for embedded %3A%2F%2F so it treats
protocol-relative URLs as valid by also allowing strings that start with "//"
(i.e. change the check from only /^https?:\/\//i to allow /^\/\// as well),
keeping the existing rejection for truly truncated fragments that neither start
with http(s):// nor //.

In `@tests/unit/imageUtils.utils.test.js`:
- Around line 354-370: Add a second unit test that mirrors the existing Substack
CDN case but uses a protocol-relative srcset (e.g., beginning with
//substackcdn.com/.../https%3A%2F%2F...) and a matching protocol-relative or
full src, to ensure extractImageSrc still falls back to the full src when srcset
is broken; locate the existing test using createMockImg and extractImageSrc as
references and duplicate the scenario with the protocol-relative URLs, asserting
the returned value equals the full src and contains "substackcdn.com".

---

Duplicate comments:
In `@scripts/utils/imageUtils.js`:
- Line 865: Replace the inline regex /%3A%2F%2F/i in the conditional with the
shared constant EMBEDDED_URL_ENCODED_HTTP_PROTOCOL_REGEX to avoid duplicated
regex definitions; import that constant from the module that exports it (where
other regex constants live) and use
EMBEDDED_URL_ENCODED_HTTP_PROTOCOL_REGEX.test(url) in the if condition (keeping
the existing negated /^https?:\/\//i check), ensuring you remove the hardcoded
literal so the code consistently uses the centralized constant.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3a2285dd-6d16-4f5b-b3fb-6b8f4523dc6d

📥 Commits

Reviewing files that changed from the base of the PR and between 95df3ab and 7677b73.

📒 Files selected for processing (2)

• scripts/utils/imageUtils.js
• tests/unit/imageUtils.utils.test.js

📜 Review details

🧰 Additional context used

📓 Path-based instructions (11)

**/*.js

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

此專案為 Chrome Extension (Manifest V3)，必須使用 Vanilla JavaScript (ES6+ Modules) 作為核心語言，CommonJS 用於 Node 腳本。

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.test.js

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

單元測試邏輯使用 Jest，需要使用 Mocking patterns。

Files:

• tests/unit/imageUtils.utils.test.js

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

禁止使用 TypeScript（除非明確要求）、React、Vue、Webpack。

Do not use console.log() statements in production code

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php,md}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/linter_rules.json)

Use Traditional Chinese (zh-TW) for all code comments, documentation, and string content, with strict enforcement except for technical terms and variable names

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/linter_rules.json)

**/*.{js,ts,tsx,jsx,py,java,cs,rb,go,swift,kt,php}: Do not use magic numbers in code; extract them to constants defined in a dedicated constants module
Use a dedicated constants module for defining and exporting all constant values

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{js,ts,jsx,tsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/security_rules.json)

**/*.{js,ts,jsx,tsx}: Force strict whitelisting for file downloads: appended files must be restricted to '.json' or '.txt' extensions with explicitly designated MIME types. Never use arbitrary user input for filenames to prevent Reflected File Download (RFD) attacks.
Always prefer textContent for DOM operations. If SVG mixed content requires text updates, find the TEXT_NODE and update its textContent rather than using innerHTML on the parent.
Rely on LogSanitizer to strip sensitive properties (like sender, tab, PII) before emitting logs in production.

Follow the project's ESLint configuration and do not emit DeepSource (skipcq) comments.

**/*.{js,ts,jsx,tsx}: Reject PR if attempting to log complete sender, tab, request objects or raw HTML content. Require using IDs only (e.g., sender?.id, tab?.id), and wrapping URLs with sanitizeUrlForLogging() and API errors with sanitizeApiError().
Reject PR if attempting to store large HTML content, Base64 images, or heavy payloads into chrome.storage.sync. Require storing large payloads in chrome.storage.local or IndexedDB.
Reject PR if introducing new core business logic without corresponding unit or E2E tests. Require TDD and ensure Codecov checks do not fail (< 50%).
Avoid exposing internal-only, non-actionable, non-blocking cleanup/reconciliation/retry failures directly as user-facing errors. Keep the canonical user-facing state, log the internal failure, and handle retry/recovery inside the relevant service or canonical path unless the failure truly blocks the user's next action.
Verify all Logger.info/error calls correctly sanitize data with no PII and no raw HTML.
Verify cache and large data usage strictly targets chrome.storage.local rather than chrome.storage.sync.

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/debugging_rules.json)

**/*.{ts,tsx,js,jsx}: Use Logger.success(msg, ctx?) for operation success confirmation in Notion Chrome Extension. Output prefix: [INFO] ✅. The Logger class auto-manages the emoji icon.
Use Logger.start(msg, ctx?) for process launch notifications in Notion Chrome Extension. Output prefix: [INFO] 🚀. The Logger class auto-manages the emoji icon.
Use Logger.ready(msg, ctx?) for module or resource readiness notifications in Notion Chrome Extension. Output prefix: [INFO] 📦. The Logger class auto-manages the emoji icon.
Use Logger.info(msg, ctx?) for general informational messages in Notion Chrome Extension. Output prefix: [INFO]. No auto-managed emoji icon.
Use Logger.debug(msg, ctx?) for development debugging in Notion Chrome Extension. Output prefix: [DEBUG]. Controlled by enableDebugLogs switch.
Use Logger.warn(msg, ctx?) for non-fatal warnings in Notion Chrome Extension. Output prefix: [WARN] ⚠️. The Logger class auto-manages the emoji icon.
Use Logger.error(msg, ctx?) for error recording in Notion Chrome Extension. Output prefix: [ERROR] ❌. The Logger class auto-manages the emoji icon. Always displayed regardless of debug switch.
Do NOT manually insert emoji icons (✅, 🚀, 📦, ⚠️, ❌) into log messages. The Logger class auto-manages these icons. Only manually use special semantic emoji like 🔍 (search) or 🗑️ (delete) when needed for semantic clarity.
Use 'action' field in Logger context to record public API function names (e.g., 'loadHighlights', 'savePage') for structured logging in Notion Chrome Extension.
Use 'operation' field in Logger context to record internal operation steps (e.g., 'parseLocalStorage', 'buildUrl') for structured logging in Notion Chrome Extension.
Use 'phase' field in Logger context (optional) to record execution stages (e.g., 'validation', 'apiCall') for structured logging in Notion Chrome Extension.
Use 'result' field in Logger context to record operation results (e.g., 'blocked', 'success', 'failed') for structured logging in Notion Chr...

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*.{test,spec}.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/debugging_rules.json)

**/*.{test,spec}.{ts,tsx,js,jsx}: Run failing tests with command 'npx jest <path/to/test.js> --no-coverage' instead of full test suites in Notion Chrome Extension for faster feedback loops during logic fixes.
When mocking objects in Notion Chrome Extension tests, ensure mock object depth is sufficient. For example, mocking an img tag requires including 'dataset: {}' property.
When mocking Logger in Notion Chrome Extension tests, ensure all methods (success, start, ready, info, debug, warn, error) are defined as jest.fn() in the mock setup.
In Notion Chrome Extension tests using ErrorHandler.formatUserMessage, target assertions against Chinese strings (user-facing messages) rather than original English API messages for I18N awareness.
In Notion Chrome Extension tests, avoid vague string matching for Logger assertions. Use 'expect.objectContaining' to assert exact expected metadata objects for Logger calls.

Files:

• tests/unit/imageUtils.utils.test.js

**/*.{test,spec}.{js,ts}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/testing_rules.json)

**/*.{test,spec}.{js,ts}: Always reference data structures (HTML snippets, Notion JSON responses) from .agents/.shared/references/ instead of hardcoding large payloads in test files.
Use .agents/.shared/references/notion_api/ for Notion block structures and database properties in test fixtures.
Do not mutate window.chrome directly. Override global.chrome for mocking Chrome API in tests.
Declare mock variables and spies at the top level and initialize them in beforeEach for Chrome API mocking setup.
Execute jest.clearAllMocks() and clean up global.chrome in afterEach to prevent test pollution.

Files:

• tests/unit/imageUtils.utils.test.js

**/*.{js,ts,jsx,tsx,md}

📄 CodeRabbit inference engine (.agents/.shared/knowledge/code_review_rules.json)

Maintain code comments and documentation in Traditional Chinese.

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

**/*

⚙️ CodeRabbit configuration file

**/*: # Project Specific Guidelines

1. Language: All user-facing UI text, strings, and messages MUST be in Traditional Chinese (zh-TW).
2. Architecture: Follow the defined storage structures and specs. Do not introduce unauthorized storage fields.
3. Code Quality: Avoid N+1 issues, blocking operations, and ensure high code quality. Suggest optimizations that follow modern JavaScript/Chrome Extension best practices.

Files:

• tests/unit/imageUtils.utils.test.js
• scripts/utils/imageUtils.js

🧠 Learnings (10)

📓 Common learnings

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-02-26T20:59:55.454Z
Learning: Commit Message 必須使用繁體中文，若變更的檔案僅包含測試程式碼（如 .test.js, .spec.js, tests/ 目錄），則必須使用 `test` 類型，絕不可以使用 `feat` 或 `fix`。

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : When mocking objects in Notion Chrome Extension tests, ensure mock object depth is sufficient. For example, mocking an img tag requires including 'dataset: {}' property.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : Run failing tests with command 'npx jest <path/to/test.js> --no-coverage' instead of full test suites in Notion Chrome Extension for faster feedback loops during logic fixes.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-10T08:21:13.819Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/testing_rules.json:0-0
Timestamp: 2026-03-10T08:21:13.819Z
Learning: Applies to **/*.{test,spec}.{js,ts} : Execute jest.clearAllMocks() and clean up global.chrome in afterEach to prevent test pollution.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : In Notion Chrome Extension tests using ErrorHandler.formatUserMessage, target assertions against Chinese strings (user-facing messages) rather than original English API messages for I18N awareness.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-10T08:21:13.819Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/testing_rules.json:0-0
Timestamp: 2026-03-10T08:21:13.819Z
Learning: Applies to **/{storage,migration,highlight}/**/*.{js,ts} : Achieve 90%+ code coverage for Storage, Migration, and Highlighting algorithms in unit tests.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-06T18:35:38.641Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/debugging_rules.json:0-0
Timestamp: 2026-03-06T18:35:38.641Z
Learning: Applies to **/*.{test,spec}.{ts,tsx,js,jsx} : In Notion Chrome Extension tests, avoid vague string matching for Logger assertions. Use 'expect.objectContaining' to assert exact expected metadata objects for Logger calls.

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-02-26T20:59:55.454Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-02-26T20:59:55.454Z
Learning: Applies to **/*.test.js : 單元測試邏輯使用 Jest，需要使用 Mocking patterns。

Applied to files:

• tests/unit/imageUtils.utils.test.js

📚 Learning: 2026-03-23T04:16:46.480Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/code_review_rules.json:0-0
Timestamp: 2026-03-23T04:16:46.480Z
Learning: Applies to **/*.{js,ts,jsx,tsx} : Verify all Logger.info/error calls correctly sanitize data with no PII and no raw HTML.

Applied to files:

• scripts/utils/imageUtils.js

📚 Learning: 2026-03-23T04:16:46.480Z

Learnt from: CR
Repo: cowcfj/save-to-notion PR: 0
File: .agents/.shared/knowledge/code_review_rules.json:0-0
Timestamp: 2026-03-23T04:16:46.480Z
Learning: Applies to **/*.{js,ts,jsx,tsx} : Reject PR if attempting to log complete sender, tab, request objects or raw HTML content. Require using IDs only (e.g., sender?.id, tab?.id), and wrapping URLs with sanitizeUrlForLogging() and API errors with sanitizeApiError().

Applied to files:

• scripts/utils/imageUtils.js

🔇 Additional comments (3)

scripts/utils/imageUtils.js (2)

165-174: CDN 嵌入式編碼 URL 的保留策略正確。

這段 bypass 能避免 decodeURI/encodeURI 破壞 %3A%2F%2F 路徑語義，且仍保留 Notion/Markdown 敏感字元編碼，方向正確。

---

896-904: srcset 先驗證再回退的控制流合理。

這能直接攔截 Substack/Cloudinary 逗號截斷片段，降低錯誤 URL 被優先採用的機率。

tests/unit/imageUtils.utils.test.js (1)

70-102: CDN 嵌入式 percent-encoded URL 的測試覆蓋完整且到位。

這組案例有對齊實際回歸風險（保留 %3A%2F%2F、Markdown 敏感字元編碼、clean 後有效性檢查）。

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
83.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud