jujutsu-skills

shoko/jujutsu-skills

Fork 0

Commit Graph

Author	SHA1	Message	Date
shoko	8cde441996	Fix #15 : Unify duplicate time functions into _get_time_data() Replace three duplicated time parsing functions with a single _get_time_data(e, tz) helper returning {time_status, time_urgency, abs_time}. Deleted functions: - get_match_time_status(e) — urgency + status string - get_match_time_str(e) — status string only - get_start_time_wib(e) — (abs_time, rel_str) tuple New unified helper: - _get_time_data(e, tz=None) returns {time_status, time_urgency, abs_time} - tz defaults to WIB (UTC+7, Indonesia) - canonical rel_str format: 'LIVE', 'In 6h', '12h ago', etc. - time_urgency: 0-3 (higher=livelier) All call sites updated to use _get_time_data(): - format_event(), format_detail_event() - print_browse(), print_detail() - send_to_telegram() Also: removed dead code in print_detail() that called get_match_time_str() but never used the result. Tests: 9 new tests for _get_time_data() covering TBD, future, live, and past event scenarios. 19 tests total, all passing. Fixes: #15	2026-03-25 13:59:54 +00:00
shoko	d0534aedbf	Fix #5 : HTML injection in Telegram messages Add escape_html() function to prevent HTML injection in Telegram parse_mode=HTML messages. Apply escaping to event titles inserted into <a> tags in send_to_telegram(). - Add escape_html() using stdlib html.escape() - Escape match event titles (line 648) and non-match titles (line 676) - Add TestHtmlInjection with 2 tests proving fix: - <script> tags escaped as <script> - & ampersands escaped as & - Fixes HIGH severity: titles from Polymarket API were inserted without escaping, allowing malformed HTML in Telegram messages	2026-03-25 11:42:42 +00:00
shoko	f9c4bac7b8	Refactor send() to module-level send_telegram_message() for testability Extract the nested send() function into a module-level send_telegram_message(bot_token, chat_id, text, timeout=10) function. This enables unit testing without hitting the real Telegram API. Changes: - Add send_telegram_message() at module level in TELEGRAM section - Replace nested send() with thin wrapper that calls send_telegram_message() - Update argparse --telegram help text to use TELEGRAM_BOT_TOKEN - Add tests/test_browse.py with 8 unit tests covering: - Success case (returns message_id) - API error (RuntimeError) - Invalid token (HTTPError 404) - Rate limit (HTTPError 429) - Network error (URLError) - Timeout (URLError) - Custom timeout parameter - HTML parse_mode in request Ref: #4	2026-03-25 11:07:10 +00:00

Author

SHA1

Message

Date

shoko

8cde441996

Fix #15 : Unify duplicate time functions into _get_time_data()

Replace three duplicated time parsing functions with a single
_get_time_data(e, tz) helper returning {time_status, time_urgency, abs_time}.

Deleted functions:
- get_match_time_status(e)  — urgency + status string
- get_match_time_str(e)    — status string only
- get_start_time_wib(e)    — (abs_time, rel_str) tuple

New unified helper:
- _get_time_data(e, tz=None) returns {time_status, time_urgency, abs_time}
- tz defaults to WIB (UTC+7, Indonesia)
- canonical rel_str format: 'LIVE', 'In 6h', '12h ago', etc.
- time_urgency: 0-3 (higher=livelier)

All call sites updated to use _get_time_data():
- format_event(), format_detail_event()
- print_browse(), print_detail()
- send_to_telegram()

Also: removed dead code in print_detail() that called get_match_time_str()
but never used the result.

Tests: 9 new tests for _get_time_data() covering TBD, future, live,
and past event scenarios. 19 tests total, all passing.

Fixes: #15

2026-03-25 13:59:54 +00:00

shoko

d0534aedbf

Fix #5 : HTML injection in Telegram messages

Add escape_html() function to prevent HTML injection in Telegram
parse_mode=HTML messages. Apply escaping to event titles inserted
into <a> tags in send_to_telegram().

- Add escape_html() using stdlib html.escape()
- Escape match event titles (line 648) and non-match titles (line 676)
- Add TestHtmlInjection with 2 tests proving fix:
  - <script> tags escaped as &lt;script&gt;
  - & ampersands escaped as &amp;
- Fixes HIGH severity: titles from Polymarket API were inserted
  without escaping, allowing malformed HTML in Telegram messages

2026-03-25 11:42:42 +00:00

shoko

f9c4bac7b8

Refactor send() to module-level send_telegram_message() for testability

Extract the nested send() function into a module-level
send_telegram_message(bot_token, chat_id, text, timeout=10)
function. This enables unit testing without hitting the real
Telegram API.

Changes:
- Add send_telegram_message() at module level in TELEGRAM section
- Replace nested send() with thin wrapper that calls
  send_telegram_message()
- Update argparse --telegram help text to use TELEGRAM_BOT_TOKEN
- Add tests/test_browse.py with 8 unit tests covering:
  - Success case (returns message_id)
  - API error (RuntimeError)
  - Invalid token (HTTPError 404)
  - Rate limit (HTTPError 429)
  - Network error (URLError)
  - Timeout (URLError)
  - Custom timeout parameter
  - HTML parse_mode in request

Ref: #4

2026-03-25 11:07:10 +00:00

3 Commits