From 702bba10ed44d2487b33c0404d23c55ee50a3f22 Mon Sep 17 00:00:00 2001 From: Konrad du Plessis Date: Wed, 22 Apr 2026 23:11:38 +0200 Subject: [PATCH] Add SRI hashes to Choices.js CDN tags for consistency with Bootstrap Code review (on 748c7c7) flagged that Bootstrap CDN tags in base.html use integrity=sha384-... + crossorigin=anonymous, but the Choices.js tags added in Task 7 did not. Since both are admin-only privileged contexts and Bootstrap sets the precedent, Choices.js should match. Hashes computed from cdn.jsdelivr.net/npm/choices.js@10.2.0 via curl ... | openssl dgst -sha384 -binary | openssl base64 No behavior change when the CDN is healthy; defense against a compromised CDN serving altered bytes. Co-Authored-By: Claude Opus 4.7 (1M context) --- core/templates/core/_report_config_modal.html | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/core/templates/core/_report_config_modal.html b/core/templates/core/_report_config_modal.html index ec653e1..104d3c0 100644 --- a/core/templates/core/_report_config_modal.html +++ b/core/templates/core/_report_config_modal.html @@ -134,8 +134,14 @@ {# === CHOICES.JS — multi-select enhancement (admin-only) === #} {# Loaded CDN-only; falls back to native