Update AngularJS to 1.8 (Hackalist#631)

* Remove Google Analytics scripts and validate URL fields in test.js for security

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Update Node.js CI workflow to use newer Node.js versions and action versions

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

Author: rodrigoargumedo

.github/workflows/node.js.yml

@@ -16,12 +16,12 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [10.x, 12.x, 14.x]
+        node-version: [18.x, 20.x, 22.x]
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v4
       with:
         node-version: ${{ matrix.node-version }}
     - run: node test.js

404.html

@@ -7,16 +7,6 @@
 		<meta name="description" content="An archive of hackathons from around the world (2014-2025).">
 		<meta name="keywords" content="hackathon, hackathons, list">
 		<link rel="shortcut icon" href="/images/favicon.ico" />
-		<!-- Start Google Javascript -->
-		<script>
-			(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
-			(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
-			m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
-			})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
-			ga('create', 'UA-51284668-3', 'auto');
-			ga('require', 'displayfeatures');
-			ga('send', 'pageview');
-		</script>
 		<link rel="stylesheet" type="text/css" href="css/skeleton.css">
 		<link rel="stylesheet" href="css/style.css">
 	</head>

index.html

@@ -7,16 +7,6 @@
 		<meta name="viewport" content="width=device-width, initial-scale=1">
 		<meta name="description" content="An archive of hackathons from around the world (2014-2025).">
 		<meta name="keywords" content="hackathon, hackathons, list, directory">
-		<!-- Start Google Javascript -->
-		<script>
-			(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
-			(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
-			m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
-		})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
-			ga('create', 'UA-51284668-3', 'auto');
-			ga('require', 'displayfeatures');
-			ga('send', 'pageview');
-		</script>
 		<link rel="shortcut icon" href="images/favicon.ico" />
 		<link rel="stylesheet" type="text/css" href="css/skeleton.css">
 		<link rel="stylesheet" type="text/css" href="css/style.css">
@@ -217,6 +207,6 @@ <h2>{{hackathon.title}}</h2>
 		</div>
 	</body>
 
-	<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.23/angular.min.js"></script>
+	<script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.8.3/angular.min.js"></script>
 	<script src="js/app.js"></script>
 </html>

test.js

@@ -44,8 +44,16 @@ for (const year of years) {
     let lastHackathon;
 
     for (const hackathon of obj[monthName]) {
+      // Validate URL fields don't use dangerous schemes (e.g. javascript:)
+      for (const field of ['url', 'facebookURL', 'twitterURL']) {
+        const val = (hackathon[field] || '').trim();
+        if (val && /^[a-z][a-z0-9+.-]*:/i.test(val) && !/^https?:/i.test(val)) {
+          bail(`${hackathon.title} has unsafe ${field}: ${val}`);
+        }
+      }
+
       let startDate = Date.parse(hackathon.startDate);
-      if (startDate !== undefined) {
+      if (!isNaN(startDate)) {
         if (lastStartDate > startDate) {
           bail(`${hackathon.title} should be before ${lastHackathon.title}`);
         }