fix(submissions): enforce https-only submitted source links

[JSONbored]

Motivation

• The submissions workbench exposed contributor-provided sourceUrl values as clickable links and the UI allowed http: destinations despite validation enforcing HTTPS-only contributor URLs, creating a policy mismatch and increasing click-through MITM/phishing risk.

Description

• Add a safeHttpsUrl helper that only accepts https: URLs and returns an empty string for non-HTTPS or malformed values.
• Use safeHttpsUrl(entry.sourceUrl) for the maintainer “Open submitted source” link so only validated https:// sources are rendered as clickable links.
• Keep the existing safeHttpUrl helper for other auxiliary URL rendering and preserve fallback/invalid-URL behavior.

Testing

• Ran the focused intake test with pnpm exec vitest run tests/submission-intake.test.ts -t "rejects malformed or non-https contributor URLs" --reporter=dot, which passed (1 passed, 56 skipped).

---

Codex Task

[coderabbitai]

Warning

Review limit reached

@JSONbored, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 minute and 9 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Run ID: 5bd4aadb-f5dd-4824-8a19-96fea1054d99

📥 Commits

Reviewing files that changed from the base of the PR and between 9aa3e7b and b29393d.

📒 Files selected for processing (1)

• apps/web/src/app/submissions/page.tsx

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch codex/fix-submission-workbench-non-https-links

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}