Restore blog RSS post rendering with resilient /api/rss fallback parsing

[Copilot]

Blog feed cards were failing to populate because /api/rss depended on a single upstream XML feed path that can return challenge HTML/invalid payloads in production. This change makes feed ingestion tolerant of those upstream failure modes so posts still render.

• Feed retrieval hardening

  • Added a secondary fetch path to /{origin}/wp-json/wp/v2/posts when primary RSS/Atom fetch returns:
    • non-2xx
    • text/html (challenge/redirect pages)
    • non-feed XML
    • empty parsed items
    • network/timeout errors
  • Primary behavior remains RSS/Atom-first; fallback is only used on failure/empty conditions.

• Parsing quality improvements

  • Extended XML entity decoding to include numeric entities (&#...;, &#x...;) so excerpts/titles from WordPress-style content render correctly.
  • Added runtime-safe timeout signal creation (uses AbortSignal.timeout when present, otherwise AbortController fallback) to avoid environment-specific timeout regressions.

• Targeted API behavior coverage

  • Added tests for:
    • numeric entity decoding in feed descriptions
    • fallback-to-WordPress path when feed endpoint returns HTML

// /api/rss fallback trigger (simplified)
if (!response.ok || mimeType === 'text/html' || !isValidFeedDocument(xml) || items.length === 0) {
  const fallbackItems = await tryWordPressFallback();
  if (fallbackItems) return json({ items: fallbackItems });
}

[Copilot]

Pull request overview

Improves the resilience of the blog RSS ingestion endpoint (/api/rss) so feed-backed UI can still render posts when the upstream XML feed is blocked/invalid by falling back to the WordPress REST posts API.

Changes:

• Added numeric XML entity decoding (&#...;, &#x...;) to improve rendering of WordPress-style excerpts/titles.
• Added runtime-compatible request timeout signal creation (uses AbortSignal.timeout when available, otherwise an AbortController fallback).
• Added a WordPress /wp-json/wp/v2/posts fallback path when RSS/Atom fetch/parsing fails or yields no items, plus targeted tests.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

File	Description
src/pages/api/rss.ts	Adds numeric entity decoding, timeout signal helper, and WordPress fallback parsing/response paths for /api/rss.
src/pages/api/rss.test.ts	Adds tests for numeric entity decoding and the HTML-response WordPress fallback behavior.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

extractTag builds a RegExp from a string that contains \s/\S escapes, but the string literal currently uses single backslashes (\s is written as \s in the source). In JS/TS string literals \s is not a valid escape and becomes just s, so the regex will not match whitespace/newlines and tag extraction will break. Use double-escaped backslashes (e.g. \\s, \\S) or String.raw so the intended regex escapes reach the RegExp constructor.

Suggested change

	const match = block.match(new RegExp(`<${tag}(?:\s[^>]*)?>([\s\S]*?)<\/${tag}>`, 'i'));
	const match = block.match(new RegExp(String.raw`<${tag}(?:\s[^>]*)?>([\s\S]*?)<\/${tag}>`, 'i'));

[Copilot]

safeFromCodePoint currently treats any value in 0..0x10FFFF as valid, which includes surrogate code points (0xD800–0xDFFF). Decoding numeric entities to lone surrogates can produce invalid/unpaired UTF-16 in JS strings and unexpected rendering. Consider rejecting surrogate ranges (and non-finite values) and returning U+FFFD for those as well.

[Copilot]

fetchWithTimeout assumes AbortSignal is always defined and references AbortSignal.timeout directly. In runtimes where AbortSignal is missing or not global, this will throw before falling back to AbortController. Consider guarding via globalThis.AbortSignal (e.g., typeof globalThis.AbortSignal?.timeout === 'function') to keep the timeout wrapper truly runtime-safe.

Suggested change

	if (typeof AbortSignal.timeout === 'function') {
	return fetch(input, { ...init, signal: AbortSignal.timeout(timeoutMs) });
	const abortSignalCtor = globalThis.AbortSignal;
	if (typeof abortSignalCtor?.timeout === 'function') {
	return fetch(input, { ...init, signal: abortSignalCtor.timeout(timeoutMs) });

[Copilot]

The WordPress fallback reuses parsedFeedUrl.origin derived from the user-controlled url parameter, which means the endpoint will now make an additional request to /<origin>/wp-json/wp/v2/posts for arbitrary hosts. This increases SSRF blast radius (extra internal endpoints hit on the same host) compared to the RSS-only fetch. Consider restricting allowed origins (e.g., a known blog host), enforcing http/https only, and/or blocking private IP ranges before issuing either fetch.

[Copilot]

Fallback behavior is now triggered in several new cases (non-OK status, invalid feed XML, empty parsed items, thrown errors), but the new tests only cover the text/html trigger. Add at least one more test that demonstrates a successful fallback for another trigger (e.g., upstream 503 or invalid feed body) and a test that asserts no fallback request is made when the primary RSS/Atom parse yields items.