From 61f2060db37a7322a52970508b64aa068307351b Mon Sep 17 00:00:00 2001
From: DecDuck
Date: Sat, 28 Jun 2025 12:00:42 +1000
Subject: [PATCH] Fix CodeQL warnings
---
 server/.github/workflows/ci.yml | 3 +++
 server/.github/workflows/release.yml | 3 +++
 server/components/NewsDirectory.vue | 7 ++-----
 3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/server/.github/workflows/ci.yml b/server/.github/workflows/ci.yml
index 5520209b..78926f62 100644
--- a/server/.github/workflows/ci.yml
+++ b/server/.github/workflows/ci.yml
@@ -7,6 +7,9 @@ on:
 pull_request:
 branches:
 - develop
+
+permissions:
+ contents: read
 jobs:
 typecheck:
diff --git a/server/.github/workflows/release.yml b/server/.github/workflows/release.yml
index b39f2f84..ed29fb50 100644
--- a/server/.github/workflows/release.yml
+++ b/server/.github/workflows/release.yml
@@ -8,6 +8,9 @@ on:
 schedule:
 - cron: "0 2 * * *" # run at 2 AM UTC
+permissions:
+ contents: read
+
 jobs:
 web:
 name: Push website Docker image to registry
diff --git a/server/components/NewsDirectory.vue b/server/components/NewsDirectory.vue
index 96a82336..6c0ea5a9 100644
--- a/server/components/NewsDirectory.vue
+++ b/server/components/NewsDirectory.vue
@@ -151,11 +151,8 @@ const toggleTag = (tag: string) => {
 };
 const formatExcerpt = (excerpt: string) => {
- // TODO: same as one in NewsArticleCreateButton
- // Convert markdown to HTML
- const html = micromark(excerpt);
- // Strip HTML tags using regex
- return html.replace(/<[^>]*>/g, "");
+ // Convert markdown to HTML, micromark is safe
+ return micromark(excerpt);
 };
 const filteredArticles = computed(() => {
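Review bot: In release.yml the new workflow-level `permissions:` block with only `contents: read` sets every other GITHUB_TOKEN scope to none, yet the `web` job right below it is named "Push website Docker image to registry". The job's steps are outside the hunk, so this is unconfirmed, but if the push authenticates to ghcr.io with GITHUB_TOKEN it will need a job-level block with `contents: read` and `packages: write`, or the nightly run will fail on the push. If the push uses a separate registry secret instead, a short comment above the block such as `# registry push uses its own credentials; GITHUB_TOKEN only needs read` would record why read-only is enough.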
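Review bot: `formatExcerpt` in NewsDirectory.vue now returns HTML markup where it used to return tag-stripped text, and the new comment "micromark is safe" is true only while `micromark(excerpt)` is called without options. micromark's defaults escape raw HTML and drop unsafe URL protocols, so the comment should state that condition, for example `// Returns HTML. Safe only with micromark defaults: never pass allowDangerousHtml / allowDangerousProtocol here.` The template that renders the excerpt is outside the hunk. If it binds with `v-html`, that binding now depends on this invariant, and markdown images in an excerpt would load remote URLs in the list view; if it uses `{{ }}` interpolation, readers will now see literal tags. The removed TODO pointed at a duplicate in NewsArticleCreateButton that this commit does not touch, so the two excerpt formatters presumably now differ.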