Bug Description
The POST /api/links and PUT /api/links/:id endpoints in server.js accept a link title of unlimited length. There is no maximum length check on either the frontend or the backend. A user can submit a title with hundreds or thousands of characters, which breaks the dashboard card layout and causes the UI to overflow.
// server.js — no length validation on title
title: req.body.title || 'New Link',
Steps to Reproduce
- Log in and open the dashboard
- Add a new link with a title of 500+ characters
- Observe the dashboard card layout breaks and overflows
Expected Behavior
Link titles should be limited to a reasonable maximum length (e.g. 100 characters). If exceeded, a clear error should be returned:
"Link title must be 100 characters or fewer."
Proposed Fix
Add a length check before inserting:
if (req.body.title && req.body.title.length > 100) {
return res.status(400).json({ error: 'Link title must be 100 characters or fewer.' });
}Apply the same check in the PUT /api/links/:id update endpoint.
Files Affected
server.js — POST /api/links and PUT /api/links/:id
I am a GSSoC '26 contributor and would like to be assigned this issue.
Bug Description
The
POST /api/linksandPUT /api/links/:idendpoints inserver.jsaccept a link title of unlimited length. There is no maximum length check on either the frontend or the backend. A user can submit a title with hundreds or thousands of characters, which breaks the dashboard card layout and causes the UI to overflow.Steps to Reproduce
Expected Behavior
Link titles should be limited to a reasonable maximum length (e.g. 100 characters). If exceeded, a clear error should be returned:
Proposed Fix
Add a length check before inserting:
Apply the same check in the
PUT /api/links/:idupdate endpoint.Files Affected
server.js—POST /api/linksandPUT /api/links/:idI am a GSSoC '26 contributor and would like to be assigned this issue.