Allow heading tags (h1-h6) in ContentSanitizer so news editor headings render

app/Http/Controllers/Studio/StudioArtworksApiController.php

@@ -18,6 +18,7 @@ use App\Services\TagService;
 use App\Services\ArtworkVersioningService;
 use App\Services\Studio\StudioArtworkQueryService;
 use App\Services\Studio\StudioBulkActionService;
+use App\Support\ArtworkDescriptionContentValidator;
 use App\Services\Tags\TagDiscoveryService;
 use App\Services\Worlds\WorldSubmissionService;
 use Carbon\Carbon;
@@ -164,6 +165,8 @@ final class StudioArtworksApiController extends Controller
             'evolution_note' => 'sometimes|nullable|string|max:1200',
         ]);
 
+        $this->ensureValidArtworkDescription($validated);
+
         $hasAttributionUpdates = array_key_exists('group', $validated)
             || array_key_exists('primary_author_user_id', $validated)
             || array_key_exists('contributor_user_ids', $validated)
@@ -326,6 +329,15 @@ final class StudioArtworksApiController extends Controller
         ]);
     }
 
+    private function ensureValidArtworkDescription(array $validated): void
+    {
+        foreach (ArtworkDescriptionContentValidator::errors($validated['description'] ?? null) as $message) {
+            throw ValidationException::withMessages([
+                'description' => [$message],
+            ]);
+        }
+    }
+
     public function evolutionOptions(Request $request, int $id): JsonResponse
     {
         $artwork = $request->user()->artworks()->findOrFail($id);

app/Http/Controllers/Studio/StudioController.php

@@ -95,7 +95,13 @@ final class StudioController extends Controller
     {
         $provider = $this->content->provider('artworks');
         $prefs = $this->preferences->forUser($request->user());
-        $listing = $this->content->list($request->user(), $request->only(['q', 'sort', 'bucket', 'page', 'per_page', 'content_type', 'category', 'tag']), null, 'artworks');
+        $filters = $request->only(['q', 'sort', 'bucket', 'page', 'per_page', 'content_type', 'category', 'tag']);
+
+        if (! $request->filled('sort')) {
+            $filters['sort'] = 'published_desc';
+        }
+
+        $listing = $this->content->list($request->user(), $filters, null, 'artworks');
         $listing['default_view'] = $prefs['default_content_view'];
 
         return Inertia::render('Studio/StudioArtworks', [

app/Http/Controllers/Studio/StudioNewsController.php

@@ -377,10 +377,41 @@ final class StudioNewsController extends Controller
             'og_image' => ['nullable', 'string', 'max:2048'],
             'relations' => ['nullable', 'array', 'max:12'],
             'relations.*.entity_type' => ['required_with:relations', Rule::in(array_column($this->news->relationTypeOptions(), 'value'))],
-            'relations.*.entity_id' => ['required_with:relations', 'integer', 'min:1'],
+            'relations.*.entity_id' => ['nullable', 'integer', 'min:1'],
+            'relations.*.external_url' => ['nullable', 'string', 'max:2048'],
             'relations.*.context_label' => ['nullable', 'string', 'max:120'],
         ]);
 
+        $relationErrors = [];
+
+        foreach ((array) ($validated['relations'] ?? []) as $index => $relation) {
+            $entityType = trim(Str::lower((string) ($relation['entity_type'] ?? '')));
+
+            if ($entityType === NewsService::RELATION_SOURCE) {
+                $externalUrl = $this->normalizeExternalRelationUrl($relation['external_url'] ?? null);
+
+                if ($externalUrl === null) {
+                    $relationErrors["relations.{$index}.external_url"] = 'Source relations need a valid URL.';
+                    continue;
+                }
+
+                $validated['relations'][$index]['entity_id'] = null;
+                $validated['relations'][$index]['external_url'] = $externalUrl;
+
+                continue;
+            }
+
+            if ((int) ($relation['entity_id'] ?? 0) < 1) {
+                $relationErrors["relations.{$index}.entity_id"] = 'Select a related entity.';
+            }
+
+            $validated['relations'][$index]['external_url'] = null;
+        }
+
+        if ($relationErrors !== []) {
+            throw ValidationException::withMessages($relationErrors);
+        }
+
         if (($validated['editorial_status'] ?? null) === NewsArticle::EDITORIAL_STATUS_SCHEDULED && empty($validated['published_at'])) {
             throw ValidationException::withMessages([
                 'published_at' => 'Scheduled articles need a publish date and time.',
@@ -390,6 +421,25 @@ final class StudioNewsController extends Controller
         return $validated;
     }
 
+    private function normalizeExternalRelationUrl(mixed $value): ?string
+    {
+        $url = trim((string) ($value ?? ''));
+
+        if ($url === '') {
+            return null;
+        }
+
+        if (preg_match('/^\[[^\]]+\]\((https?:\/\/[^)]+)\)$/i', $url, $matches) === 1) {
+            $url = trim((string) ($matches[1] ?? ''));
+        }
+
+        if ($url === '' || filter_var($url, FILTER_VALIDATE_URL) === false) {
+            return null;
+        }
+
+        return Str::limit($url, 2048, '');
+    }
+
     private function tagPayload(): array
     {
         return NewsTag::query()

app/Http/Controllers/Studio/StudioNewsMediaApiController.php

@@ -46,6 +46,7 @@ final class StudioNewsMediaApiController extends Controller
                 'size_bytes' => $stored['size_bytes'],
                 'mobile_url' => $stored['mobile_url'],
                 'desktop_url' => $stored['desktop_url'],
+                'large_url' => $stored['large_url'],
                 'srcset' => $stored['srcset'],
             ]);
         } catch (RuntimeException $e) {