Commit 8d765dc
committed
validate(no-cdn-refs): file-level allowlist for build-side CDN tooling
Two files in this repo legitimately reference CDN domains as data:
scripts/walkthrough.mts — emits SRI + CSP hashes for CDN scripts
scripts/audit-deps.mts — scans generated HTML for unpkg specifiers
Both inspect, hash, and rewrite CDN references at build time so the
walkthrough can ship them with integrity + CSP enforcement. The rule's
intent ("no accidental CDN runtime dependencies") doesn't apply — these
are the scanner/rewriter. Move the self-skip into a named ALLOWED_FILES
list and add the two files there.
No behavior change for any file outside the list. The val code, shim
JS/CSS, configs, and tests are still linted as before.1 parent ccb3088 commit 8d765dc
1 file changed
Lines changed: 17 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
134 | 134 | | |
135 | 135 | | |
136 | 136 | | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
| 144 | + | |
| 145 | + | |
| 146 | + | |
| 147 | + | |
| 148 | + | |
| 149 | + | |
| 150 | + | |
| 151 | + | |
| 152 | + | |
137 | 153 | | |
138 | | - | |
139 | | - | |
140 | | - | |
141 | | - | |
| 154 | + | |
142 | 155 | | |
143 | 156 | | |
144 | 157 | | |
| |||
0 commit comments