- Add Accept: application/json headers to all API endpoint tests
- Add GET /blog/releases/tag/:tag HTML page test
- Add GET /api/blog/*/tag/:tag JSON API tests for both blogs
- Fix feed.xml assertions to check body first, then content type
Ran a claude /security-review, fixed two vulnerabilities
Use a plug to resolve blog_id, returning a clean 404 for unknown blogs
instead of raising with inspect(). Parse page param with Integer.parse
so invalid values (non-numeric, negative, zero) fall back to page 1
instead of crashing. Add 5 tests covering these cases.a
Goal: have a personal blog, and try out another point in the 'modular
app design with elixir' space.
Designing OTP systems with elixir had some interesting ideas.
