GET /api/browse currently parses limit and offset with parseInt before passing them into Supabase .range(). Malformed values like limit=bad can produce NaN range bounds, negative values like offset=-5 can create negative range bounds, and fractional values like limit=1.5 are silently truncated. The route should accept only bounded integer pagination values and fall back to safe defaults otherwise.
GET /api/browse currently parses limit and offset with parseInt before passing them into Supabase .range(). Malformed values like limit=bad can produce NaN range bounds, negative values like offset=-5 can create negative range bounds, and fractional values like limit=1.5 are silently truncated. The route should accept only bounded integer pagination values and fall back to safe defaults otherwise.