The sweep surfaced a junk class that passes the current screen: broken clients pack a whole relay list into one `r` tag, e.g. `wss://adre.su/wss://ae.purplerelay.com/...` or `wss://atlas.nostr.land/+wss://eden.nostr.land/+...`. `new URL()` parses these (host = first token, the rest becomes the path), so `safeRelayUrl` accepts them and the host-cap misses them (each is a unique "host").
Fix
Tighten `safeRelayUrl`: reject when the raw string has more than one `://` (embedded scheme), whitespace, or length > 120 — all signatures of concatenation junk; real relay URLs are short and single-scheme. Applies everywhere (harvest, prober, sweep).
After
Re-run `sweep-relays.js --apply` — these now classify as `bad` and get removed.
The sweep surfaced a junk class that passes the current screen: broken clients pack a whole relay list into one `r` tag, e.g. `wss://adre.su/wss://ae.purplerelay.com/...` or `wss://atlas.nostr.land/+wss://eden.nostr.land/+...`. `new URL()` parses these (host = first token, the rest becomes the path), so `safeRelayUrl` accepts them and the host-cap misses them (each is a unique "host").
Fix
Tighten `safeRelayUrl`: reject when the raw string has more than one `://` (embedded scheme), whitespace, or length > 120 — all signatures of concatenation junk; real relay URLs are short and single-scheme. Applies everywhere (harvest, prober, sweep).
After
Re-run `sweep-relays.js --apply` — these now classify as `bad` and get removed.