From 1e28cbd115c07090faf155462af5abfd82eeafe0 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sat, 4 Apr 2026 14:12:43 -0400
Subject: [PATCH 1/9] Add e2e tests for URL parameter isolation between listing
 and DLP

These tests verify that listing-specific query params (page, sortOption,
sortDir, showDrafts, showEmpty, search, pos) do not leak into Dandiset
Landing Page URLs when navigating from listing/search pages.

Expected to FAIL on current code and PASS after the fix in the next commit.

Ref: https://github.com/dandi/dandi-archive/issues/1460

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 e2e/tests/urlParams.spec.ts | 140 ++++++++++++++++++++++++++++++++++++
 1 file changed, 140 insertions(+)
 create mode 100644 e2e/tests/urlParams.spec.ts

diff --git a/e2e/tests/urlParams.spec.ts b/e2e/tests/urlParams.spec.ts
new file mode 100644
index 000000000..b941d46fb
--- /dev/null
+++ b/e2e/tests/urlParams.spec.ts
@@ -0,0 +1,140 @@
+import { expect, test } from "@playwright/test";
+import { clientUrl, registerNewUser, registerDandiset } from "../utils.ts";
+import { faker } from "@faker-js/faker";
+
+/**
+ * Tests that listing query parameters (page, sortOption, sortDir, showDrafts,
+ * showEmpty, search, pos) do not leak into Dandiset Landing Page (DLP) URLs,
+ * and vice-versa.  See https://github.com/dandi/dandi-archive/issues/1460
+ */
+
+const LISTING_PARAMS = ["page", "sortOption", "sortDir", "showDrafts", "showEmpty", "search", "pos"];
+
+/** Assert that none of the listing-specific params appear in the current URL. */
+function expectCleanDlpUrl(url: string) {
+  const parsed = new URL(url);
+  for (const param of LISTING_PARAMS) {
+    expect(parsed.searchParams.has(param), `URL should not contain '${param}': ${url}`).toBeFalsy();
+  }
+}
+
+test.describe("URL parameter isolation (issue #1460)", () => {
+  test("listing params do not leak to DLP when clicking a dandiset", async ({ page }) => {
+    await registerNewUser(page);
+    const name = faker.lorem.words();
+    const description = faker.lorem.sentences();
+    await registerDandiset(page, name, description);
+
+    // Go to the public dandisets listing
+    await page.goto(`${clientUrl}/dandiset`);
+    await page.waitForLoadState("networkidle");
+
+    // Click the first dandiset in the list
+    await page.locator(".v-list-item").first().click();
+    await page.waitForLoadState("networkidle");
+
+    // DLP URL must be clean
+    expectCleanDlpUrl(page.url());
+    // Should be on a dandiset page
+    expect(page.url()).toMatch(/\/dandiset\/\d+/);
+  });
+
+  test("search params do not leak to DLP", async ({ page }) => {
+    await registerNewUser(page);
+    const name = `searchtest-${faker.lorem.word()}`;
+    const description = faker.lorem.sentences();
+    await registerDandiset(page, name, description);
+
+    // Navigate to search with a query
+    await page.goto(`${clientUrl}/dandiset/search?search=${name}`);
+    await page.waitForLoadState("networkidle");
+
+    // Verify search results appear
+    const items = page.locator(".v-list-item");
+    await expect(items.first()).toBeVisible();
+
+    // Click the first result
+    await items.first().click();
+    await page.waitForLoadState("networkidle");
+
+    // DLP URL must be clean — no search param
+    expectCleanDlpUrl(page.url());
+  });
+
+  test("direct DLP navigation produces clean URL", async ({ page }) => {
+    await registerNewUser(page);
+    const name = faker.lorem.words();
+    const description = faker.lorem.sentences();
+    const dandisetId = await registerDandiset(page, name, description);
+
+    // Navigate directly to the DLP
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}`);
+    await page.waitForLoadState("networkidle");
+
+    expectCleanDlpUrl(page.url());
+  });
+
+  test("DLP pagination does not add listing params to URL", async ({ page }) => {
+    test.slow();
+    await registerNewUser(page);
+
+    // Create multiple dandisets so pagination has something to page through
+    for (let i = 0; i < 3; i += 1) {
+      await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+    }
+
+    // Go to listing and click a dandiset
+    await page.goto(`${clientUrl}/dandiset`);
+    await page.waitForLoadState("networkidle");
+    await page.locator(".v-list-item").first().click();
+    await page.waitForLoadState("networkidle");
+
+    // If pagination is visible, click next and verify URL stays clean
+    const nextButton = page.locator(".v-pagination__next button");
+    if (await nextButton.isVisible()) {
+      await nextButton.click();
+      await page.waitForLoadState("networkidle");
+      expectCleanDlpUrl(page.url());
+    }
+  });
+
+  test("back button from DLP restores listing params", async ({ page }) => {
+    await registerNewUser(page);
+    await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    // Go to listing
+    await page.goto(`${clientUrl}/dandiset`);
+    await page.waitForLoadState("networkidle");
+
+    // Capture listing URL
+    const listingUrl = page.url();
+
+    // Click into a dandiset
+    await page.locator(".v-list-item").first().click();
+    await page.waitForLoadState("networkidle");
+
+    // Go back
+    await page.goBack();
+    await page.waitForLoadState("networkidle");
+
+    // Should be back on listing with its own params intact
+    const backUrl = new URL(page.url());
+    expect(backUrl.pathname).toBe("/dandiset");
+  });
+
+  test("manually appended listing params are stripped from DLP URL", async ({ page }) => {
+    await registerNewUser(page);
+    const name = faker.lorem.words();
+    const description = faker.lorem.sentences();
+    const dandisetId = await registerDandiset(page, name, description);
+
+    // Navigate to DLP with manually injected listing params
+    await page.goto(
+      `${clientUrl}/dandiset/${dandisetId}?page=2&sortOption=1&sortDir=-1&showDrafts=true&showEmpty=false&search=test&pos=5`
+    );
+    await page.waitForLoadState("networkidle");
+
+    // The router guard should have stripped all listing params
+    expectCleanDlpUrl(page.url());
+  });
+});

From 280c8b16b9b76bfd1c0fbc2ae0a7cc2e7b0e835c Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sat, 4 Apr 2026 14:54:57 -0400
Subject: [PATCH 2/9] Fix URL parameter leakage from listing pages to DLP

Listing query params (page, sortOption, sortDir, showDrafts, showEmpty,
search, pos) were spread into DLP URLs via `...$route.query` in
DandisetList.vue, producing ugly unshareable URLs like:
/dandiset/000027?page=2&sortOption=0&sortDir=NaN&showDrafts=true&...

Fix: move listing navigation context into a Pinia store so the DLP
"page through dandisets" feature works without polluting the URL.
Add a defensive router guard to strip any listing params that reach
the DLP route.

Fixes: https://github.com/dandi/dandi-archive/issues/1460

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 web/src/components/DandisetList.vue           |  7 ++-
 web/src/components/DandisetsPage.vue          | 18 +++++++
 web/src/router/index.ts                       | 26 +++++++++-
 web/src/stores/listingContext.ts              | 52 +++++++++++++++++++
 .../DandisetLandingView.vue                   | 28 +++++-----
 5 files changed, 117 insertions(+), 14 deletions(-)
 create mode 100644 web/src/stores/listingContext.ts

diff --git a/web/src/components/DandisetList.vue b/web/src/components/DandisetList.vue
index 34153af17..c875db433 100644
--- a/web/src/components/DandisetList.vue
+++ b/web/src/components/DandisetList.vue
@@ -10,9 +10,9 @@
       :to="{
         name: 'dandisetLanding',
         params: { identifier: item.dandiset.identifier },
-        query: { ...$route.query, pos: getPos(index) },
       }"
       exact
+      @click="savePos(index)"
     >
       <v-list-item-title class="wrap-text text-h6 text-grey-darken-3 font-weight-medium">
         {{ item.name }}
@@ -85,6 +85,7 @@ import moment from 'moment';
 import { filesize } from 'filesize';
 import StarButton from '@/components/StarButton.vue';
 import { dandiRest } from '@/rest';
+import { useListingContextStore } from '@/stores/listingContext';
 
 import type { Version } from '@/types';
 import { DANDISETS_PER_PAGE } from '@/utils/constants';
@@ -97,6 +98,7 @@ defineProps({
 });
 
 const route = useRoute();
+const listingContext = useListingContextStore();
 const archiveName = ref<string>('');
 
 onMounted(async () => {
@@ -108,6 +110,9 @@ onMounted(async () => {
 function getPos(index: number) {
   return (Number(route.query.page || 1) - 1) * DANDISETS_PER_PAGE + (index + 1);
 }
+function savePos(index: number) {
+  listingContext.setContext({ pos: getPos(index) });
+}
 function formatDate(date: string) {
   return moment(date).format('LL');
 }
diff --git a/web/src/components/DandisetsPage.vue b/web/src/components/DandisetsPage.vue
index 1529be604..9d09801bc 100644
--- a/web/src/components/DandisetsPage.vue
+++ b/web/src/components/DandisetsPage.vue
@@ -187,6 +187,7 @@ import { useRoute } from 'vue-router';
 import DandisetList from '@/components/DandisetList.vue';
 import DandisetSearchField from '@/components/DandisetSearchField.vue';
 import { dandiRest } from '@/rest';
+import { useListingContextStore } from '@/stores/listingContext';
 import type { Dandiset, Paginated, Version } from '@/types';
 import { sortingOptions, DANDISETS_PER_PAGE } from '@/utils/constants';
 import router from '@/router';
@@ -276,6 +277,23 @@ watch(queryParams, (params) => {
     },
   });
 });
+
+// Keep the listing context store in sync so the DLP can use it for pagination
+// without needing URL query params.
+const listingContext = useListingContextStore();
+watch(
+  [sortOption, sortDir, showDrafts, showEmpty, () => route.query.search],
+  () => {
+    listingContext.setContext({
+      sortOption: sortOption.value,
+      sortDir: sortDir.value,
+      showDrafts: showDrafts.value,
+      showEmpty: showEmpty.value,
+      search: (route.query.search as string) || null,
+    });
+  },
+  { immediate: true },
+);
 </script>
 
 <style scoped>
diff --git a/web/src/router/index.ts b/web/src/router/index.ts
index d03e13844..78b04541c 100644
--- a/web/src/router/index.ts
+++ b/web/src/router/index.ts
@@ -64,7 +64,31 @@ const routes: RouteRecordRaw[] = [
   },
 ];
 
-export default createRouter({
+// Listing-specific query params that must not appear on DLP URLs.
+const LISTING_PARAMS = ['page', 'sortOption', 'sortDir', 'showDrafts', 'showEmpty', 'search', 'pos'];
+
+const router = createRouter({
   history: createWebHistory(),
   routes,
 });
+
+// Safety net: strip leaked listing params from DLP routes.
+router.beforeEach((to, _from, next) => {
+  if (to.name === 'dandisetLanding') {
+    const cleanQuery = { ...to.query };
+    let modified = false;
+    for (const param of LISTING_PARAMS) {
+      if (param in cleanQuery) {
+        delete cleanQuery[param];
+        modified = true;
+      }
+    }
+    if (modified) {
+      next({ ...to, query: cleanQuery });
+      return;
+    }
+  }
+  next();
+});
+
+export default router;
diff --git a/web/src/stores/listingContext.ts b/web/src/stores/listingContext.ts
new file mode 100644
index 000000000..19b26de9f
--- /dev/null
+++ b/web/src/stores/listingContext.ts
@@ -0,0 +1,52 @@
+import { defineStore } from 'pinia';
+import { ref } from 'vue';
+
+/**
+ * Stores the listing page context (sort, search, filters, position) so the DLP
+ * can offer "page through dandisets" navigation without leaking listing params
+ * into the URL.  This state is transient — it does not survive a page reload.
+ */
+export const useListingContextStore = defineStore('listingContext', () => {
+  const pos = ref<number | null>(null);
+  const sortOption = ref(0);
+  const sortDir = ref(-1);
+  const search = ref<string | null>(null);
+  const showDrafts = ref(true);
+  const showEmpty = ref(false);
+
+  function setContext(ctx: {
+    pos?: number | null;
+    sortOption?: number;
+    sortDir?: number;
+    search?: string | null;
+    showDrafts?: boolean;
+    showEmpty?: boolean;
+  }) {
+    if (ctx.pos !== undefined) pos.value = ctx.pos;
+    if (ctx.sortOption !== undefined) sortOption.value = ctx.sortOption;
+    if (ctx.sortDir !== undefined) sortDir.value = ctx.sortDir;
+    if (ctx.search !== undefined) search.value = ctx.search;
+    if (ctx.showDrafts !== undefined) showDrafts.value = ctx.showDrafts;
+    if (ctx.showEmpty !== undefined) showEmpty.value = ctx.showEmpty;
+  }
+
+  function clear() {
+    pos.value = null;
+    sortOption.value = 0;
+    sortDir.value = -1;
+    search.value = null;
+    showDrafts.value = true;
+    showEmpty.value = false;
+  }
+
+  return {
+    pos,
+    sortOption,
+    sortDir,
+    search,
+    showDrafts,
+    showEmpty,
+    setContext,
+    clear,
+  };
+});
diff --git a/web/src/views/DandisetLandingView/DandisetLandingView.vue b/web/src/views/DandisetLandingView/DandisetLandingView.vue
index e05a01ee1..3e9ba57d0 100644
--- a/web/src/views/DandisetLandingView/DandisetLandingView.vue
+++ b/web/src/views/DandisetLandingView/DandisetLandingView.vue
@@ -7,6 +7,7 @@
     <v-toolbar class="px-4 bg-grey-darken-2 text-white">
       <DandisetSearchField />
       <v-pagination
+        v-if="hasListingContext"
         v-model="page"
         :length="pages"
         :total-visible="0"
@@ -126,6 +127,7 @@ import { useDisplay } from 'vuetify';
 import DandisetSearchField from '@/components/DandisetSearchField.vue';
 import Meditor from '@/components/Meditor/Meditor.vue';
 import { useDandisetStore } from '@/stores/dandiset';
+import { useListingContextStore } from '@/stores/listingContext';
 import type { Dandiset, Version } from '@/types';
 import { draftVersion, sortingOptions } from '@/utils/constants';
 import { editorInterface } from '@/components/Meditor/state';
@@ -161,6 +163,7 @@ onBeforeRouteLeave((to, from, next) => {
 const route = useRoute();
 const router = useRouter();
 const store = useDandisetStore();
+const listingContext = useListingContextStore();
 const display = useDisplay();
 
 const isSmDisplay = computed(() => display.smAndDown.value);
@@ -234,22 +237,23 @@ watch([() => props.identifier, () => props.version], async () => {
   loading.value = false;
 });
 
-const page = ref(Number(route.query.pos) || 1);
+// Listing pagination — reads context from the Pinia store (not URL params)
+// so that DLP URLs stay clean and shareable.
+const hasListingContext = computed(() => listingContext.pos !== null);
+const page = ref(listingContext.pos || 1);
 const pages = ref(1);
 const nextDandiset: Ref<Partial<Dandiset>[]> = ref([]);
 
 async function fetchNextPage() {
-  const sortOption = Number(route.query.sortOption) || 0;
-  const sortDir = Number(route.query.sortDir || -1);
-  const sortField = sortingOptions[sortOption].djangoField;
-  const ordering = ((sortDir === -1) ? '-' : '') + sortField;
+  const sortField = sortingOptions[listingContext.sortOption].djangoField;
+  const ordering = ((listingContext.sortDir === -1) ? '-' : '') + sortField;
   const response = await dandiRest.dandisets({
     page: page.value,
     page_size: 1,
     ordering,
-    search: route.query.search,
-    draft: route.query.showDrafts || true,
-    empty: route.query.showEmpty,
+    search: listingContext.search,
+    draft: listingContext.showDrafts,
+    empty: listingContext.showEmpty,
   });
 
   pages.value = (response.data?.count) ? response.data?.count : 1;
@@ -267,9 +271,6 @@ function navigateToPage() {
       router.push({
         name: route.name || undefined,
         params: { identifier },
-        query: {
-          ...route.query,
-        },
       });
     }
   }
@@ -277,6 +278,7 @@ function navigateToPage() {
 
 watch(page, async (newValue, oldValue) => {
   if (oldValue !== newValue) {
+    listingContext.setContext({ pos: newValue });
     await fetchNextPage();
     navigateToPage();
   }
@@ -295,6 +297,8 @@ onMounted(async () => {
       e.returnValue = 'You have unsaved changes, are you sure you want to leave?';
     }
   });
-  await fetchNextPage(); // get the current page and total count
+  if (hasListingContext.value) {
+    await fetchNextPage(); // get the current page and total count
+  }
 });
 </script>

From d516d1fc260747d3af4b876eaa93bfc6fa5e9c41 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 5 Apr 2026 20:24:29 -0400
Subject: [PATCH 3/9] Add e2e tests for DLP tab URL state persistence

Tests that clicking tabs updates the URL ?tab= param, that navigating
directly to ?tab=how-to-cite opens the correct tab, and that the param
survives page reload.

Expected to FAIL on current code and PASS after the next commit.

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 e2e/tests/urlParams.spec.ts | 71 +++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/e2e/tests/urlParams.spec.ts b/e2e/tests/urlParams.spec.ts
index b941d46fb..14d8c1adf 100644
--- a/e2e/tests/urlParams.spec.ts
+++ b/e2e/tests/urlParams.spec.ts
@@ -138,3 +138,74 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     expectCleanDlpUrl(page.url());
   });
 });
+
+test.describe("DLP tab URL state", () => {
+  test("clicking 'How to Cite' tab adds ?tab=how-to-cite to URL", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}`);
+    await page.waitForLoadState("networkidle");
+
+    // URL should have no tab param on Overview (default)
+    expect(new URL(page.url()).searchParams.has("tab")).toBeFalsy();
+
+    // Click "How to Cite" tab
+    await page.getByRole("tab", { name: "How to Cite" }).click();
+    await page.waitForTimeout(500);
+
+    // URL should now have ?tab=how-to-cite
+    const url = new URL(page.url());
+    expect(url.searchParams.get("tab")).toBe("how-to-cite");
+  });
+
+  test("switching back to Overview removes tab param", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?tab=how-to-cite`);
+    await page.waitForLoadState("networkidle");
+
+    // Should be on How to Cite tab
+    await expect(page.getByText("How to Cite this Dataset")).toBeVisible();
+
+    // Switch to Overview
+    await page.getByRole("tab", { name: "Overview" }).click();
+    await page.waitForTimeout(500);
+
+    // tab param should be gone
+    expect(new URL(page.url()).searchParams.has("tab")).toBeFalsy();
+  });
+
+  test("navigating to ?tab=how-to-cite opens the correct tab", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    // Navigate directly with tab param
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?tab=how-to-cite`);
+    await page.waitForLoadState("networkidle");
+
+    // The How to Cite content should be visible
+    await expect(page.getByText("How to Cite this Dataset")).toBeVisible();
+  });
+
+  test("tab param survives page reload", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}`);
+    await page.waitForLoadState("networkidle");
+
+    // Click How to Cite
+    await page.getByRole("tab", { name: "How to Cite" }).click();
+    await page.waitForTimeout(500);
+
+    // Reload
+    await page.reload();
+    await page.waitForLoadState("networkidle");
+
+    // Should still be on How to Cite
+    await expect(page.getByText("How to Cite this Dataset")).toBeVisible();
+    expect(new URL(page.url()).searchParams.get("tab")).toBe("how-to-cite");
+  });
+});

From 53c4bcc62d572aa95fc93dc9673a6e5d22956203 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 5 Apr 2026 20:25:35 -0400
Subject: [PATCH 4/9] Sync DLP active tab to URL query param (?tab=how-to-cite)

The DLP now reflects the selected tab in the URL so links to specific
tabs are shareable and survive page reload.  The default Overview tab
uses no param to keep the base URL clean.

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 .../DandisetLandingView/DandisetMain.vue      | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/web/src/views/DandisetLandingView/DandisetMain.vue b/web/src/views/DandisetLandingView/DandisetMain.vue
index e179b0ff2..6da07b773 100644
--- a/web/src/views/DandisetLandingView/DandisetMain.vue
+++ b/web/src/views/DandisetLandingView/DandisetMain.vue
@@ -267,6 +267,7 @@
 import {
   computed,
   ref,
+  watch,
   watchEffect,
   type ComputedRef,
 } from 'vue';
@@ -276,6 +277,7 @@ import { marked } from 'marked';
 import moment from 'moment';
 import DOMPurify from 'dompurify';
 import { useDisplay } from 'vuetify';
+import { useRoute, useRouter } from 'vue-router';
 
 import { useDandisetStore } from '@/stores/dandiset';
 import { getDoiMetadata } from '@/utils/doi';
@@ -292,11 +294,13 @@ const MAX_DESCRIPTION_LENGTH = 400;
 const tabs = [
   {
     name: 'Overview',
+    slug: 'overview',
     component: OverviewTab,
     icon: 'mdi-information-outline',
   },
   {
     name: 'How to Cite',
+    slug: 'how-to-cite',
     component: HowToCiteTab,
     icon: 'mdi-format-quote-close',
   },
@@ -358,7 +362,27 @@ const subjectMatter: ComputedRef<SubjectMatterOfTheDataset|undefined> = computed
   () => meta.value?.about,
 );
 
-const currentTab = ref(0);
+const route = useRoute();
+const router = useRouter();
+
+// Resolve the initial tab from the ?tab= query param (default to 0 / Overview).
+const initialTabIndex = tabs.findIndex((t) => t.slug === route.query.tab);
+const currentTab = ref(initialTabIndex >= 0 ? initialTabIndex : 0);
+
+// Sync tab selection → URL query param.
+watch(currentTab, (index) => {
+  const slug = tabs[index]?.slug;
+  const currentSlug = route.query.tab as string | undefined;
+  if (slug === currentSlug) return;
+  // Use the default tab (overview) without a query param to keep the base URL clean.
+  const query = { ...route.query };
+  if (index === 0) {
+    delete query.tab;
+  } else {
+    query.tab = slug;
+  }
+  router.replace({ ...route, query });
+});
 
 function formatDate(date: string): string {
   return moment(date).format('LL');

From 0e7703be9d7c6f0975f5e46dcbad494256d35d69 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Mon, 6 Apr 2026 08:04:12 -0400
Subject: [PATCH 5/9] Add e2e tests for citation format and meditor overlay URL
 params

Tests that ?format= reflects the selected citation style on the
How to Cite tab, and that ?overlay=meditor opens/closes the metadata
editor dialog.

Expected to FAIL on current code and PASS after the next commit.

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 e2e/tests/urlParams.spec.ts | 97 +++++++++++++++++++++++++++++++++++++
 1 file changed, 97 insertions(+)

diff --git a/e2e/tests/urlParams.spec.ts b/e2e/tests/urlParams.spec.ts
index 14d8c1adf..8475bd3df 100644
--- a/e2e/tests/urlParams.spec.ts
+++ b/e2e/tests/urlParams.spec.ts
@@ -209,3 +209,100 @@ test.describe("DLP tab URL state", () => {
     expect(new URL(page.url()).searchParams.get("tab")).toBe("how-to-cite");
   });
 });
+
+test.describe("DLP citation format URL state", () => {
+  test("selecting a citation format adds ?format= to URL", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?tab=how-to-cite`);
+    await page.waitForLoadState("networkidle");
+
+    // Default (APA) should have no format param
+    expect(new URL(page.url()).searchParams.has("format")).toBeFalsy();
+
+    // Select BibTeX format
+    await page.locator(".citation-format-select").click();
+    await page.getByRole("option", { name: "BibTeX" }).click();
+    await page.waitForTimeout(500);
+
+    const url = new URL(page.url());
+    expect(url.searchParams.get("format")).toBe("bibtex");
+    expect(url.searchParams.get("tab")).toBe("how-to-cite");
+  });
+
+  test("navigating to ?tab=how-to-cite&format=harvard opens correct format", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?tab=how-to-cite&format=harvard`);
+    await page.waitForLoadState("networkidle");
+
+    // Harvard should be selected in the dropdown
+    await expect(page.locator(".citation-format-select")).toContainText("Harvard");
+  });
+
+  test("switching back to APA removes format param", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?tab=how-to-cite&format=bibtex`);
+    await page.waitForLoadState("networkidle");
+
+    // Select APA (default)
+    await page.locator(".citation-format-select").click();
+    await page.getByRole("option", { name: "APA 7th" }).click();
+    await page.waitForTimeout(500);
+
+    // format param should be gone, tab should remain
+    const url = new URL(page.url());
+    expect(url.searchParams.has("format")).toBeFalsy();
+    expect(url.searchParams.get("tab")).toBe("how-to-cite");
+  });
+});
+
+test.describe("DLP meditor overlay URL state", () => {
+  test("opening meditor adds ?overlay=meditor to URL", async ({ page }) => {
+    await registerNewUser(page);
+    await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+    await page.waitForLoadState("networkidle");
+
+    // No overlay param initially
+    expect(new URL(page.url()).searchParams.has("overlay")).toBeFalsy();
+
+    // Click the metadata edit button to open meditor
+    await page.getByRole("button", { name: "Metadata" }).click();
+    await page.waitForTimeout(500);
+
+    expect(new URL(page.url()).searchParams.get("overlay")).toBe("meditor");
+  });
+
+  test("closing meditor removes overlay param", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?overlay=meditor`);
+    await page.waitForLoadState("networkidle");
+
+    // Meditor dialog should be open
+    await expect(page.locator(".v-dialog--active, .v-overlay--active")).toBeVisible();
+
+    // Close the dialog (press Escape)
+    await page.keyboard.press("Escape");
+    await page.waitForTimeout(500);
+
+    // overlay param should be gone
+    expect(new URL(page.url()).searchParams.has("overlay")).toBeFalsy();
+  });
+
+  test("navigating to ?overlay=meditor opens the meditor", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?overlay=meditor`);
+    await page.waitForLoadState("networkidle");
+
+    // Meditor dialog should be visible
+    await expect(page.locator(".v-dialog--active, .v-overlay--active")).toBeVisible();
+  });
+});

From f78e26ef8fa53f3d4ed7054e14142fd90702053c Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Mon, 6 Apr 2026 08:20:00 -0400
Subject: [PATCH 6/9] Sync citation format and meditor overlay to DLP URL
 params

- ?format=bibtex (etc.) on How to Cite tab reflects the selected
  citation style; default APA uses no param for clean URLs
- ?overlay=meditor opens the metadata editor dialog on page load
  and is removed when the dialog closes

Together with ?tab=how-to-cite, this allows full DLP state recall:
/dandiset/000027/draft?tab=how-to-cite&format=harvard
/dandiset/000027/draft?overlay=meditor

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 e2e/tests/urlParams.spec.ts                   | 24 ++++++++++++++++++
 web/src/components/DLP/HowToCiteTab.vue       | 25 ++++++++++++++++---
 .../DandisetLandingView.vue                   | 18 ++++++++++++-
 3 files changed, 63 insertions(+), 4 deletions(-)

diff --git a/e2e/tests/urlParams.spec.ts b/e2e/tests/urlParams.spec.ts
index 8475bd3df..95d476308 100644
--- a/e2e/tests/urlParams.spec.ts
+++ b/e2e/tests/urlParams.spec.ts
@@ -242,6 +242,30 @@ test.describe("DLP citation format URL state", () => {
     await expect(page.locator(".citation-format-select")).toContainText("Harvard");
   });
 
+  test("citation format survives page reload", async ({ page }) => {
+    await registerNewUser(page);
+    const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
+
+    await page.goto(`${clientUrl}/dandiset/${dandisetId}?tab=how-to-cite`);
+    await page.waitForLoadState("networkidle");
+
+    // Select Harvard
+    await page.locator(".citation-format-select").click();
+    await page.getByRole("option", { name: "Harvard" }).click();
+    await page.waitForTimeout(500);
+
+    // Reload
+    await page.reload();
+    await page.waitForLoadState("networkidle");
+
+    // Should still be on How to Cite with Harvard selected
+    await expect(page.getByText("How to Cite this Dataset")).toBeVisible();
+    await expect(page.locator(".citation-format-select")).toContainText("Harvard");
+    const url = new URL(page.url());
+    expect(url.searchParams.get("tab")).toBe("how-to-cite");
+    expect(url.searchParams.get("format")).toBe("harvard");
+  });
+
   test("switching back to APA removes format param", async ({ page }) => {
     await registerNewUser(page);
     const dandisetId = await registerDandiset(page, faker.lorem.words(), faker.lorem.sentences());
diff --git a/web/src/components/DLP/HowToCiteTab.vue b/web/src/components/DLP/HowToCiteTab.vue
index 0a480aaf8..8e4e27bc0 100644
--- a/web/src/components/DLP/HowToCiteTab.vue
+++ b/web/src/components/DLP/HowToCiteTab.vue
@@ -231,7 +231,8 @@
 </template>
 
 <script setup lang="ts">
-import { computed, type PropType, ref } from 'vue';
+import { computed, type PropType, ref, watch } from 'vue';
+import { useRoute, useRouter } from 'vue-router';
 
 import { useDandisetStore } from '@/stores/dandiset';
 import type { DandisetMetadata } from '@/types';
@@ -273,8 +274,26 @@ const latestPublishedVersionLink = computed(() => {
 // Define citation format types
 type CitationFormat = 'apa' | 'mla' | 'chicago' | 'harvard' | 'vancouver' | 'ieee' | 'bibtex' | 'ris' | 'cff';
 
-// Citation format state
-const selectedCitationFormat = ref<CitationFormat>('apa'); // For the dropdown in Full Citation section
+// Sync citation format with ?format= URL query param.
+const route = useRoute();
+const router = useRouter();
+const validFormats: CitationFormat[] = ['apa', 'mla', 'chicago', 'harvard', 'vancouver', 'ieee', 'bibtex', 'ris', 'cff'];
+const initialFormat = validFormats.includes(route.query.format as CitationFormat)
+  ? route.query.format as CitationFormat
+  : 'apa';
+const selectedCitationFormat = ref<CitationFormat>(initialFormat);
+
+watch(selectedCitationFormat, (fmt) => {
+  const currentFmt = route.query.format as string | undefined;
+  if (fmt === currentFmt) return;
+  const query = { ...route.query };
+  if (fmt === 'apa') {
+    delete query.format;
+  } else {
+    query.format = fmt;
+  }
+  router.replace({ ...route, query });
+});
 
 // Generate CFF object from metadata
 const cffObject = computed(() => {
diff --git a/web/src/views/DandisetLandingView/DandisetLandingView.vue b/web/src/views/DandisetLandingView/DandisetLandingView.vue
index 3e9ba57d0..fef051851 100644
--- a/web/src/views/DandisetLandingView/DandisetLandingView.vue
+++ b/web/src/views/DandisetLandingView/DandisetLandingView.vue
@@ -130,7 +130,7 @@ import { useDandisetStore } from '@/stores/dandiset';
 import { useListingContextStore } from '@/stores/listingContext';
 import type { Dandiset, Version } from '@/types';
 import { draftVersion, sortingOptions } from '@/utils/constants';
-import { editorInterface } from '@/components/Meditor/state';
+import { editorInterface, open as meditorOpen } from '@/components/Meditor/state';
 import { dandiRest } from '@/rest';
 import DandisetMain from './DandisetMain.vue';
 import DandisetSidebar from './DandisetSidebar.vue';
@@ -167,6 +167,22 @@ const listingContext = useListingContextStore();
 const display = useDisplay();
 
 const isSmDisplay = computed(() => display.smAndDown.value);
+
+// Sync meditor open/close state with ?overlay=meditor URL query param.
+if (route.query.overlay === 'meditor') {
+  meditorOpen.value = true;
+}
+watch(meditorOpen, (isOpen) => {
+  const hasParam = route.query.overlay === 'meditor';
+  if (isOpen && !hasParam) {
+    router.replace({ ...route, query: { ...route.query, overlay: 'meditor' } });
+  } else if (!isOpen && hasParam) {
+    const query = { ...route.query };
+    delete query.overlay;
+    router.replace({ ...route, query });
+  }
+});
+
 const currentDandiset = computed(() => store.dandiset);
 const loading = ref(false);
 

From 175119dd7a32b3355ee2d76e315c66107756769a Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Mon, 6 Apr 2026 11:22:57 -0400
Subject: [PATCH 7/9] Use history.state + URL pos for DLP result navigation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the Pinia listingContext store with browser history.state to
carry search/filter context between listing and DLP.  Only ?pos= appears
in the URL (lightweight, bookmarkable position indicator); the full
listing context (sort, search, filters) travels invisibly via
history.state and survives page reload.

The listing page now caches identifiers from the current page (up to 8)
in history.state so prev/next within that window is instant — no extra
API call to discover the next identifier.  Outside the cache window the
DLP falls back to a single API call.

Removes web/src/stores/listingContext.ts (no longer needed).

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 e2e/tests/urlParams.spec.ts                   | 40 +++++---
 web/src/components/DandisetList.vue           | 35 +++++--
 web/src/components/DandisetsPage.vue          | 18 ----
 web/src/router/index.ts                       |  4 +-
 web/src/stores/listingContext.ts              | 52 ----------
 .../DandisetLandingView.vue                   | 96 +++++++++++--------
 6 files changed, 114 insertions(+), 131 deletions(-)
 delete mode 100644 web/src/stores/listingContext.ts

diff --git a/e2e/tests/urlParams.spec.ts b/e2e/tests/urlParams.spec.ts
index 95d476308..40d592235 100644
--- a/e2e/tests/urlParams.spec.ts
+++ b/e2e/tests/urlParams.spec.ts
@@ -4,14 +4,15 @@ import { faker } from "@faker-js/faker";
 
 /**
  * Tests that listing query parameters (page, sortOption, sortDir, showDrafts,
- * showEmpty, search, pos) do not leak into Dandiset Landing Page (DLP) URLs,
- * and vice-versa.  See https://github.com/dandi/dandi-archive/issues/1460
+ * showEmpty, search) do not leak into Dandiset Landing Page (DLP) URLs,
+ * and vice-versa.  Note: ?pos= IS allowed on DLP URLs (position in result set).
+ * See https://github.com/dandi/dandi-archive/issues/1460
  */
 
-const LISTING_PARAMS = ["page", "sortOption", "sortDir", "showDrafts", "showEmpty", "search", "pos"];
+const LISTING_PARAMS = ["page", "sortOption", "sortDir", "showDrafts", "showEmpty", "search"];
 
 /** Assert that none of the listing-specific params appear in the current URL. */
-function expectCleanDlpUrl(url: string) {
+function expectNoLeakedParams(url: string) {
   const parsed = new URL(url);
   for (const param of LISTING_PARAMS) {
     expect(parsed.searchParams.has(param), `URL should not contain '${param}': ${url}`).toBeFalsy();
@@ -33,10 +34,12 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     await page.locator(".v-list-item").first().click();
     await page.waitForLoadState("networkidle");
 
-    // DLP URL must be clean
-    expectCleanDlpUrl(page.url());
-    // Should be on a dandiset page
+    // DLP URL must not contain listing params
+    expectNoLeakedParams(page.url());
+    // Should be on a dandiset page with pos param
     expect(page.url()).toMatch(/\/dandiset\/\d+/);
+    const url = new URL(page.url());
+    expect(url.searchParams.has("pos")).toBeTruthy();
   });
 
   test("search params do not leak to DLP", async ({ page }) => {
@@ -58,7 +61,7 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     await page.waitForLoadState("networkidle");
 
     // DLP URL must be clean — no search param
-    expectCleanDlpUrl(page.url());
+    expectNoLeakedParams(page.url());
   });
 
   test("direct DLP navigation produces clean URL", async ({ page }) => {
@@ -71,10 +74,10 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     await page.goto(`${clientUrl}/dandiset/${dandisetId}`);
     await page.waitForLoadState("networkidle");
 
-    expectCleanDlpUrl(page.url());
+    expectNoLeakedParams(page.url());
   });
 
-  test("DLP pagination does not add listing params to URL", async ({ page }) => {
+  test("DLP pagination updates pos but does not add listing params", async ({ page }) => {
     test.slow();
     await registerNewUser(page);
 
@@ -89,12 +92,18 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     await page.locator(".v-list-item").first().click();
     await page.waitForLoadState("networkidle");
 
-    // If pagination is visible, click next and verify URL stays clean
+    const initialPos = new URL(page.url()).searchParams.get("pos");
+    expect(initialPos).toBeTruthy();
+
+    // If pagination is visible, click next and verify pos changes but no listing params leak
     const nextButton = page.locator(".v-pagination__next button");
     if (await nextButton.isVisible()) {
       await nextButton.click();
       await page.waitForLoadState("networkidle");
-      expectCleanDlpUrl(page.url());
+      expectNoLeakedParams(page.url());
+      const newPos = new URL(page.url()).searchParams.get("pos");
+      expect(newPos).toBeTruthy();
+      expect(newPos).not.toBe(initialPos);
     }
   });
 
@@ -128,14 +137,15 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     const description = faker.lorem.sentences();
     const dandisetId = await registerDandiset(page, name, description);
 
-    // Navigate to DLP with manually injected listing params
+    // Navigate to DLP with manually injected listing params (pos is allowed, others are not)
     await page.goto(
       `${clientUrl}/dandiset/${dandisetId}?page=2&sortOption=1&sortDir=-1&showDrafts=true&showEmpty=false&search=test&pos=5`
     );
     await page.waitForLoadState("networkidle");
 
-    // The router guard should have stripped all listing params
-    expectCleanDlpUrl(page.url());
+    // The router guard should have stripped listing params but kept pos
+    expectNoLeakedParams(page.url());
+    expect(new URL(page.url()).searchParams.get("pos")).toBe("5");
   });
 });
 
diff --git a/web/src/components/DandisetList.vue b/web/src/components/DandisetList.vue
index c875db433..9d4d460d2 100644
--- a/web/src/components/DandisetList.vue
+++ b/web/src/components/DandisetList.vue
@@ -12,7 +12,7 @@
         params: { identifier: item.dandiset.identifier },
       }"
       exact
-      @click="savePos(index)"
+      @click.prevent="navigateToDandiset(item.dandiset.identifier, index)"
     >
       <v-list-item-title class="wrap-text text-h6 text-grey-darken-3 font-weight-medium">
         {{ item.name }}
@@ -80,17 +80,16 @@
 
 <script setup lang="ts">
 import { ref, onMounted, type PropType } from 'vue';
-import { useRoute } from 'vue-router';
+import { useRoute, useRouter } from 'vue-router';
 import moment from 'moment';
 import { filesize } from 'filesize';
 import StarButton from '@/components/StarButton.vue';
 import { dandiRest } from '@/rest';
-import { useListingContextStore } from '@/stores/listingContext';
 
 import type { Version } from '@/types';
 import { DANDISETS_PER_PAGE } from '@/utils/constants';
 
-defineProps({
+const props = defineProps({
   dandisets: {
     type: Array as PropType<Version[]>,
     required: true,
@@ -98,7 +97,7 @@ defineProps({
 });
 
 const route = useRoute();
-const listingContext = useListingContextStore();
+const router = useRouter();
 const archiveName = ref<string>('');
 
 onMounted(async () => {
@@ -110,8 +109,30 @@ onMounted(async () => {
 function getPos(index: number) {
   return (Number(route.query.page || 1) - 1) * DANDISETS_PER_PAGE + (index + 1);
 }
-function savePos(index: number) {
-  listingContext.setContext({ pos: getPos(index) });
+
+// Navigate to a dandiset, carrying listing context in history.state and pos in URL.
+// Cached identifiers from the current page allow instant prev/next without API calls.
+function navigateToDandiset(identifier: string, index: number) {
+  const cachedIds = props.dandisets.map((d) => d.dandiset.identifier);
+  const pageStart = (Number(route.query.page || 1) - 1) * DANDISETS_PER_PAGE;
+
+  router.push({
+    name: 'dandisetLanding',
+    params: { identifier },
+    query: { pos: String(getPos(index)) },
+    state: {
+      listingContext: {
+        sortOption: Number(route.query.sortOption) || 0,
+        sortDir: Number(route.query.sortDir || -1),
+        search: (route.query.search as string) || null,
+        showDrafts: route.query.showDrafts !== 'false',
+        showEmpty: route.query.showEmpty === 'true',
+      },
+      // Cached identifiers with their absolute offset in the result set
+      cachedIds,
+      cachedOffset: pageStart, // 0-based offset of cachedIds[0] in the full result set
+    },
+  });
 }
 function formatDate(date: string) {
   return moment(date).format('LL');
diff --git a/web/src/components/DandisetsPage.vue b/web/src/components/DandisetsPage.vue
index 9d09801bc..1529be604 100644
--- a/web/src/components/DandisetsPage.vue
+++ b/web/src/components/DandisetsPage.vue
@@ -187,7 +187,6 @@ import { useRoute } from 'vue-router';
 import DandisetList from '@/components/DandisetList.vue';
 import DandisetSearchField from '@/components/DandisetSearchField.vue';
 import { dandiRest } from '@/rest';
-import { useListingContextStore } from '@/stores/listingContext';
 import type { Dandiset, Paginated, Version } from '@/types';
 import { sortingOptions, DANDISETS_PER_PAGE } from '@/utils/constants';
 import router from '@/router';
@@ -277,23 +276,6 @@ watch(queryParams, (params) => {
     },
   });
 });
-
-// Keep the listing context store in sync so the DLP can use it for pagination
-// without needing URL query params.
-const listingContext = useListingContextStore();
-watch(
-  [sortOption, sortDir, showDrafts, showEmpty, () => route.query.search],
-  () => {
-    listingContext.setContext({
-      sortOption: sortOption.value,
-      sortDir: sortDir.value,
-      showDrafts: showDrafts.value,
-      showEmpty: showEmpty.value,
-      search: (route.query.search as string) || null,
-    });
-  },
-  { immediate: true },
-);
 </script>
 
 <style scoped>
diff --git a/web/src/router/index.ts b/web/src/router/index.ts
index 78b04541c..f0feb2cff 100644
--- a/web/src/router/index.ts
+++ b/web/src/router/index.ts
@@ -65,7 +65,9 @@ const routes: RouteRecordRaw[] = [
 ];
 
 // Listing-specific query params that must not appear on DLP URLs.
-const LISTING_PARAMS = ['page', 'sortOption', 'sortDir', 'showDrafts', 'showEmpty', 'search', 'pos'];
+// Listing-specific params to strip. Note: 'pos' is intentionally NOT here —
+// it is a legitimate DLP param for position within a result set.
+const LISTING_PARAMS = ['page', 'sortOption', 'sortDir', 'showDrafts', 'showEmpty', 'search'];
 
 const router = createRouter({
   history: createWebHistory(),
diff --git a/web/src/stores/listingContext.ts b/web/src/stores/listingContext.ts
deleted file mode 100644
index 19b26de9f..000000000
--- a/web/src/stores/listingContext.ts
+++ /dev/null
@@ -1,52 +0,0 @@
-import { defineStore } from 'pinia';
-import { ref } from 'vue';
-
-/**
- * Stores the listing page context (sort, search, filters, position) so the DLP
- * can offer "page through dandisets" navigation without leaking listing params
- * into the URL.  This state is transient — it does not survive a page reload.
- */
-export const useListingContextStore = defineStore('listingContext', () => {
-  const pos = ref<number | null>(null);
-  const sortOption = ref(0);
-  const sortDir = ref(-1);
-  const search = ref<string | null>(null);
-  const showDrafts = ref(true);
-  const showEmpty = ref(false);
-
-  function setContext(ctx: {
-    pos?: number | null;
-    sortOption?: number;
-    sortDir?: number;
-    search?: string | null;
-    showDrafts?: boolean;
-    showEmpty?: boolean;
-  }) {
-    if (ctx.pos !== undefined) pos.value = ctx.pos;
-    if (ctx.sortOption !== undefined) sortOption.value = ctx.sortOption;
-    if (ctx.sortDir !== undefined) sortDir.value = ctx.sortDir;
-    if (ctx.search !== undefined) search.value = ctx.search;
-    if (ctx.showDrafts !== undefined) showDrafts.value = ctx.showDrafts;
-    if (ctx.showEmpty !== undefined) showEmpty.value = ctx.showEmpty;
-  }
-
-  function clear() {
-    pos.value = null;
-    sortOption.value = 0;
-    sortDir.value = -1;
-    search.value = null;
-    showDrafts.value = true;
-    showEmpty.value = false;
-  }
-
-  return {
-    pos,
-    sortOption,
-    sortDir,
-    search,
-    showDrafts,
-    showEmpty,
-    setContext,
-    clear,
-  };
-});
diff --git a/web/src/views/DandisetLandingView/DandisetLandingView.vue b/web/src/views/DandisetLandingView/DandisetLandingView.vue
index fef051851..a6e7f0c67 100644
--- a/web/src/views/DandisetLandingView/DandisetLandingView.vue
+++ b/web/src/views/DandisetLandingView/DandisetLandingView.vue
@@ -119,7 +119,6 @@
 import {
   computed, watch, onMounted, ref,
 } from 'vue';
-import type { Ref } from 'vue';
 import { onBeforeRouteLeave, useRoute, useRouter } from 'vue-router';
 import type { RouteLocationRaw } from 'vue-router';
 import { useDisplay } from 'vuetify';
@@ -127,8 +126,7 @@ import { useDisplay } from 'vuetify';
 import DandisetSearchField from '@/components/DandisetSearchField.vue';
 import Meditor from '@/components/Meditor/Meditor.vue';
 import { useDandisetStore } from '@/stores/dandiset';
-import { useListingContextStore } from '@/stores/listingContext';
-import type { Dandiset, Version } from '@/types';
+import type { Version } from '@/types';
 import { draftVersion, sortingOptions } from '@/utils/constants';
 import { editorInterface, open as meditorOpen } from '@/components/Meditor/state';
 import { dandiRest } from '@/rest';
@@ -163,7 +161,6 @@ onBeforeRouteLeave((to, from, next) => {
 const route = useRoute();
 const router = useRouter();
 const store = useDandisetStore();
-const listingContext = useListingContextStore();
 const display = useDisplay();
 
 const isSmDisplay = computed(() => display.smAndDown.value);
@@ -253,50 +250,71 @@ watch([() => props.identifier, () => props.version], async () => {
   loading.value = false;
 });
 
-// Listing pagination — reads context from the Pinia store (not URL params)
-// so that DLP URLs stay clean and shareable.
-const hasListingContext = computed(() => listingContext.pos !== null);
-const page = ref(listingContext.pos || 1);
+// Listing pagination — uses history.state for search context (invisible in URL)
+// and ?pos= for position (visible, survives reload).  Cached identifiers from
+// the listing page allow instant prev/next without additional API calls.
+const historyCtx = window.history.state?.listingContext as {
+  sortOption: number; sortDir: number; search: string | null;
+  showDrafts: boolean; showEmpty: boolean;
+} | undefined;
+const cachedIds = (window.history.state?.cachedIds ?? []) as string[];
+const cachedOffset = (window.history.state?.cachedOffset ?? 0) as number;
+
+const initialPos = Number(route.query.pos) || 0;
+const hasListingContext = computed(() => initialPos > 0 && !!historyCtx);
+const page = ref(initialPos);
 const pages = ref(1);
-const nextDandiset: Ref<Partial<Dandiset>[]> = ref([]);
 
-async function fetchNextPage() {
-  const sortField = sortingOptions[listingContext.sortOption].djangoField;
-  const ordering = ((listingContext.sortDir === -1) ? '-' : '') + sortField;
+// Try to resolve an identifier from the cache (0-based pos → cache index).
+function cachedIdentifierAt(pos: number): string | null {
+  const idx = pos - 1 - cachedOffset; // pos is 1-based
+  if (idx >= 0 && idx < cachedIds.length) {
+    return cachedIds[idx];
+  }
+  return null;
+}
+
+// Fallback: fetch one result at the given position from the listing API.
+async function fetchIdentifierAt(pos: number): Promise<string | null> {
+  if (!historyCtx) return null;
+  const sortField = sortingOptions[historyCtx.sortOption].djangoField;
+  const ordering = ((historyCtx.sortDir === -1) ? '-' : '') + sortField;
   const response = await dandiRest.dandisets({
-    page: page.value,
+    page: pos,
     page_size: 1,
     ordering,
-    search: listingContext.search,
-    draft: listingContext.showDrafts,
-    empty: listingContext.showEmpty,
+    search: historyCtx.search,
+    draft: historyCtx.showDrafts,
+    empty: historyCtx.showEmpty,
   });
-
-  pages.value = (response.data?.count) ? response.data?.count : 1;
-  nextDandiset.value = response.data?.results.map((dandiset) => ({
-    ...(dandiset.most_recent_published_version || dandiset.draft_version),
-    contact_person: dandiset.contact_person,
-    identifier: dandiset.identifier,
-  }));
+  pages.value = response.data?.count ?? 1;
+  const results = response.data?.results;
+  return results?.[0]?.identifier ?? null;
 }
 
-function navigateToPage() {
-  if (nextDandiset.value) {
-    const { identifier } = nextDandiset.value[0];
-    if (identifier !== props.identifier) { // to avoid redundant navigation
-      router.push({
-        name: route.name || undefined,
-        params: { identifier },
-      });
-    }
+function navigateToDandiset(identifier: string, pos: number) {
+  if (identifier !== props.identifier) {
+    router.push({
+      name: route.name || undefined,
+      params: { identifier },
+      query: { pos: String(pos) },
+      // Carry the same listing context + cache forward.
+      state: {
+        listingContext: historyCtx,
+        cachedIds,
+        cachedOffset,
+      },
+    });
   }
 }
 
-watch(page, async (newValue, oldValue) => {
-  if (oldValue !== newValue) {
-    listingContext.setContext({ pos: newValue });
-    await fetchNextPage();
-    navigateToPage();
+watch(page, async (newPos, oldPos) => {
+  if (oldPos === newPos || newPos < 1) return;
+
+  // Try cache first, then fall back to API.
+  const identifier = cachedIdentifierAt(newPos) ?? await fetchIdentifierAt(newPos);
+  if (identifier) {
+    navigateToDandiset(identifier, newPos);
   }
 });
 
@@ -314,7 +332,9 @@ onMounted(async () => {
     }
   });
   if (hasListingContext.value) {
-    await fetchNextPage(); // get the current page and total count
+    // Fetch total count so the pagination component knows the length.
+    // If we have cache, we might still need the count from the API.
+    await fetchIdentifierAt(page.value);
   }
 });
 </script>

From ebcca9759794596dc95506608fe5f0d6c16f04a4 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Tue, 7 Apr 2026 08:41:09 -0400
Subject: [PATCH 8/9] Fix DLP result navigation: reactive state, search
 context, e2e fixes

- Make history.state reads reactive (via computed + route.fullPath dep)
  so the listing context updates correctly when navigating between
  dandisets via prev/next
- Sync page ref with route.query.pos on route changes
- Preserve ?search= on DLP URLs so the search bar shows the query
  context (matches original master behavior)
- Use fully programmatic navigation in DandisetList (remove :to binding)
  to avoid double-navigation with @click.prevent on router-link
- Update e2e tests: search and pos are legitimate DLP params
- Fix TypeScript HistoryState compatibility for ListingCtx

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 e2e/tests/urlParams.spec.ts                   | 21 +++--
 web/src/components/DandisetList.vue           | 10 +--
 web/src/router/index.ts                       |  7 +-
 .../DandisetLandingView.vue                   | 79 ++++++++++++-------
 4 files changed, 72 insertions(+), 45 deletions(-)

diff --git a/e2e/tests/urlParams.spec.ts b/e2e/tests/urlParams.spec.ts
index 40d592235..8737e1692 100644
--- a/e2e/tests/urlParams.spec.ts
+++ b/e2e/tests/urlParams.spec.ts
@@ -9,7 +9,9 @@ import { faker } from "@faker-js/faker";
  * See https://github.com/dandi/dandi-archive/issues/1460
  */
 
-const LISTING_PARAMS = ["page", "sortOption", "sortDir", "showDrafts", "showEmpty", "search"];
+// These listing-specific params must NOT appear on DLP URLs.
+// Note: 'pos' and 'search' are allowed — pos for result set position, search for context.
+const LISTING_PARAMS = ["page", "sortOption", "sortDir", "showDrafts", "showEmpty"];
 
 /** Assert that none of the listing-specific params appear in the current URL. */
 function expectNoLeakedParams(url: string) {
@@ -42,7 +44,7 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     expect(url.searchParams.has("pos")).toBeTruthy();
   });
 
-  test("search params do not leak to DLP", async ({ page }) => {
+  test("search context is preserved but listing params do not leak to DLP", async ({ page }) => {
     await registerNewUser(page);
     const name = `searchtest-${faker.lorem.word()}`;
     const description = faker.lorem.sentences();
@@ -60,8 +62,12 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     await items.first().click();
     await page.waitForLoadState("networkidle");
 
-    // DLP URL must be clean — no search param
+    // DLP URL must not have listing params
     expectNoLeakedParams(page.url());
+    // But search and pos should be present for context
+    const url = new URL(page.url());
+    expect(url.searchParams.get("search")).toBe(name);
+    expect(url.searchParams.has("pos")).toBeTruthy();
   });
 
   test("direct DLP navigation produces clean URL", async ({ page }) => {
@@ -137,15 +143,18 @@ test.describe("URL parameter isolation (issue #1460)", () => {
     const description = faker.lorem.sentences();
     const dandisetId = await registerDandiset(page, name, description);
 
-    // Navigate to DLP with manually injected listing params (pos is allowed, others are not)
+    // Navigate to DLP with manually injected listing params
+    // pos and search are allowed; page/sortOption/sortDir/showDrafts/showEmpty are not
     await page.goto(
       `${clientUrl}/dandiset/${dandisetId}?page=2&sortOption=1&sortDir=-1&showDrafts=true&showEmpty=false&search=test&pos=5`
     );
     await page.waitForLoadState("networkidle");
 
-    // The router guard should have stripped listing params but kept pos
+    // The router guard should have stripped listing params but kept pos and search
     expectNoLeakedParams(page.url());
-    expect(new URL(page.url()).searchParams.get("pos")).toBe("5");
+    const url = new URL(page.url());
+    expect(url.searchParams.get("pos")).toBe("5");
+    expect(url.searchParams.get("search")).toBe("test");
   });
 });
 
diff --git a/web/src/components/DandisetList.vue b/web/src/components/DandisetList.vue
index 9d4d460d2..6a80da401 100644
--- a/web/src/components/DandisetList.vue
+++ b/web/src/components/DandisetList.vue
@@ -7,12 +7,7 @@
       v-for="(item, index) in dandisets"
       :key="item.dandiset.identifier"
       class="py-3"
-      :to="{
-        name: 'dandisetLanding',
-        params: { identifier: item.dandiset.identifier },
-      }"
-      exact
-      @click.prevent="navigateToDandiset(item.dandiset.identifier, index)"
+      @click="navigateToDandiset(item.dandiset.identifier, index)"
     >
       <v-list-item-title class="wrap-text text-h6 text-grey-darken-3 font-weight-medium">
         {{ item.name }}
@@ -116,10 +111,11 @@ function navigateToDandiset(identifier: string, index: number) {
   const cachedIds = props.dandisets.map((d) => d.dandiset.identifier);
   const pageStart = (Number(route.query.page || 1) - 1) * DANDISETS_PER_PAGE;
 
+  const search = (route.query.search as string) || undefined;
   router.push({
     name: 'dandisetLanding',
     params: { identifier },
-    query: { pos: String(getPos(index)) },
+    query: { pos: String(getPos(index)), ...(search ? { search } : {}) },
     state: {
       listingContext: {
         sortOption: Number(route.query.sortOption) || 0,
diff --git a/web/src/router/index.ts b/web/src/router/index.ts
index f0feb2cff..07902fbdb 100644
--- a/web/src/router/index.ts
+++ b/web/src/router/index.ts
@@ -65,9 +65,10 @@ const routes: RouteRecordRaw[] = [
 ];
 
 // Listing-specific query params that must not appear on DLP URLs.
-// Listing-specific params to strip. Note: 'pos' is intentionally NOT here —
-// it is a legitimate DLP param for position within a result set.
-const LISTING_PARAMS = ['page', 'sortOption', 'sortDir', 'showDrafts', 'showEmpty', 'search'];
+// Listing-specific params to strip from DLP URLs.
+// Note: 'pos' and 'search' are intentionally NOT here — pos indicates position
+// in a result set, and search populates the search bar for context.
+const LISTING_PARAMS = ['page', 'sortOption', 'sortDir', 'showDrafts', 'showEmpty'];
 
 const router = createRouter({
   history: createWebHistory(),
diff --git a/web/src/views/DandisetLandingView/DandisetLandingView.vue b/web/src/views/DandisetLandingView/DandisetLandingView.vue
index a6e7f0c67..8846ea95b 100644
--- a/web/src/views/DandisetLandingView/DandisetLandingView.vue
+++ b/web/src/views/DandisetLandingView/DandisetLandingView.vue
@@ -253,21 +253,41 @@ watch([() => props.identifier, () => props.version], async () => {
 // Listing pagination — uses history.state for search context (invisible in URL)
 // and ?pos= for position (visible, survives reload).  Cached identifiers from
 // the listing page allow instant prev/next without additional API calls.
-const historyCtx = window.history.state?.listingContext as {
+
+interface ListingCtx {
   sortOption: number; sortDir: number; search: string | null;
   showDrafts: boolean; showEmpty: boolean;
-} | undefined;
-const cachedIds = (window.history.state?.cachedIds ?? []) as string[];
-const cachedOffset = (window.history.state?.cachedOffset ?? 0) as number;
+}
 
-const initialPos = Number(route.query.pos) || 0;
-const hasListingContext = computed(() => initialPos > 0 && !!historyCtx);
-const page = ref(initialPos);
+// Read listing context reactively from history.state on each route change.
+const listingState = computed(() => {
+  // Access route.fullPath to create a reactive dependency on route changes.
+  // eslint-disable-next-line @typescript-eslint/no-unused-expressions
+  route.fullPath;
+  return {
+    ctx: window.history.state?.listingContext as ListingCtx | undefined,
+    cachedIds: (window.history.state?.cachedIds ?? []) as string[],
+    cachedOffset: (window.history.state?.cachedOffset ?? 0) as number,
+  };
+});
+
+const hasListingContext = computed(
+  () => Number(route.query.pos) > 0 && !!listingState.value.ctx,
+);
+const page = ref(Number(route.query.pos) || 0);
 const pages = ref(1);
 
-// Try to resolve an identifier from the cache (0-based pos → cache index).
+// Keep `page` in sync when the route's ?pos= changes (e.g. after navigateToDandiset).
+watch(() => Number(route.query.pos) || 0, (newPos) => {
+  if (newPos !== page.value) {
+    page.value = newPos;
+  }
+});
+
+// Try to resolve an identifier from the cache (pos is 1-based).
 function cachedIdentifierAt(pos: number): string | null {
-  const idx = pos - 1 - cachedOffset; // pos is 1-based
+  const { cachedIds, cachedOffset } = listingState.value;
+  const idx = pos - 1 - cachedOffset;
   if (idx >= 0 && idx < cachedIds.length) {
     return cachedIds[idx];
   }
@@ -276,16 +296,17 @@ function cachedIdentifierAt(pos: number): string | null {
 
 // Fallback: fetch one result at the given position from the listing API.
 async function fetchIdentifierAt(pos: number): Promise<string | null> {
-  if (!historyCtx) return null;
-  const sortField = sortingOptions[historyCtx.sortOption].djangoField;
-  const ordering = ((historyCtx.sortDir === -1) ? '-' : '') + sortField;
+  const ctx = listingState.value.ctx;
+  if (!ctx) return null;
+  const sortField = sortingOptions[ctx.sortOption].djangoField;
+  const ordering = ((ctx.sortDir === -1) ? '-' : '') + sortField;
   const response = await dandiRest.dandisets({
     page: pos,
     page_size: 1,
     ordering,
-    search: historyCtx.search,
-    draft: historyCtx.showDrafts,
-    empty: historyCtx.showEmpty,
+    search: ctx.search,
+    draft: ctx.showDrafts,
+    empty: ctx.showEmpty,
   });
   pages.value = response.data?.count ?? 1;
   const results = response.data?.results;
@@ -293,25 +314,25 @@ async function fetchIdentifierAt(pos: number): Promise<string | null> {
 }
 
 function navigateToDandiset(identifier: string, pos: number) {
-  if (identifier !== props.identifier) {
-    router.push({
-      name: route.name || undefined,
-      params: { identifier },
-      query: { pos: String(pos) },
-      // Carry the same listing context + cache forward.
-      state: {
-        listingContext: historyCtx,
-        cachedIds,
-        cachedOffset,
-      },
-    });
-  }
+  if (identifier === props.identifier) return;
+  const { ctx, cachedIds, cachedOffset } = listingState.value;
+  const search = (route.query.search as string) || undefined;
+  router.push({
+    name: route.name || undefined,
+    params: { identifier },
+    query: { pos: String(pos), ...(search ? { search } : {}) },
+    state: {
+      listingContext: ctx ? { ...ctx } : undefined,
+      cachedIds,
+      cachedOffset,
+    },
+  });
 }
 
+// When the user clicks prev/next, resolve the identifier and navigate.
 watch(page, async (newPos, oldPos) => {
   if (oldPos === newPos || newPos < 1) return;
 
-  // Try cache first, then fall back to API.
   const identifier = cachedIdentifierAt(newPos) ?? await fetchIdentifierAt(newPos);
   if (identifier) {
     navigateToDandiset(identifier, newPos);

From be929161ff8eb88d22b029de35b64444f7a0e2cd Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Wed, 15 Apr 2026 15:21:11 -0400
Subject: [PATCH 9/9] Fix e2e test selectors and StarButton click bubbling

- Fix meditor button selector: use getByText("Metadata") instead of
  getByRole("button") since Vuetify v-list-item has role="listitem"
- Fix meditor dialog selector: use .v-overlay--active .v-card which
  works reliably in Vuetify 3
- Add .stop to StarButton @click to prevent event bubbling to the
  parent list-item's @click handler (would cause unwanted navigation)

Co-Authored-By: Claude Code 2.1.92 / Claude Opus 4.6 <noreply@anthropic.com>
---
 e2e/tests/urlParams.spec.ts       | 6 +++---
 web/src/components/StarButton.vue | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/e2e/tests/urlParams.spec.ts b/e2e/tests/urlParams.spec.ts
index 8737e1692..bdb9e8f7e 100644
--- a/e2e/tests/urlParams.spec.ts
+++ b/e2e/tests/urlParams.spec.ts
@@ -314,7 +314,7 @@ test.describe("DLP meditor overlay URL state", () => {
     expect(new URL(page.url()).searchParams.has("overlay")).toBeFalsy();
 
     // Click the metadata edit button to open meditor
-    await page.getByRole("button", { name: "Metadata" }).click();
+    await page.getByText("Metadata", { exact: true }).click();
     await page.waitForTimeout(500);
 
     expect(new URL(page.url()).searchParams.get("overlay")).toBe("meditor");
@@ -328,7 +328,7 @@ test.describe("DLP meditor overlay URL state", () => {
     await page.waitForLoadState("networkidle");
 
     // Meditor dialog should be open
-    await expect(page.locator(".v-dialog--active, .v-overlay--active")).toBeVisible();
+    await expect(page.locator(".v-overlay--active .v-card")).toBeVisible();
 
     // Close the dialog (press Escape)
     await page.keyboard.press("Escape");
@@ -346,6 +346,6 @@ test.describe("DLP meditor overlay URL state", () => {
     await page.waitForLoadState("networkidle");
 
     // Meditor dialog should be visible
-    await expect(page.locator(".v-dialog--active, .v-overlay--active")).toBeVisible();
+    await expect(page.locator(".v-overlay--active .v-card")).toBeVisible();
   });
 });
diff --git a/web/src/components/StarButton.vue b/web/src/components/StarButton.vue
index 0eaf18fd5..17b851de3 100644
--- a/web/src/components/StarButton.vue
+++ b/web/src/components/StarButton.vue
@@ -4,7 +4,7 @@
       variant="plain"
       icon
       :readonly="!loggedIn"
-      @click.prevent="toggleStar"
+      @click.stop.prevent="toggleStar"
     >
       <v-icon :color="isStarred ? 'amber darken-2' : undefined">
         {{ isStarred ? 'mdi-star' : 'mdi-star-outline' }}