fix(linter-findings): Reformat readme and add justification for semgrep mute on turnstile import

jackseceng · jackseceng · commit e3e8a245d6a9 · 2026-04-11T18:59:13.000+01:00
diff --git a/app/templates/index.html b/app/templates/index.html
@@ -125,6 +125,7 @@ <h1>Shorten a link</h1>
       <a href="https://jacksec.engineer" target="_blank"> Made by Jack </a>
     </div>
     <script src="https://{{ cdn }}/main.js" integrity="sha384-+mgxv/j8PS4LqfbANhG2Iy3ZROxiOMvFDK5SAzv2RzFAl/VXX4baZgpmUVEENxS/" crossorigin="anonymous"></script>
+    <!-- nosemgrep: missing-integrity - SRI cannot be applied to this third-party Cloudflare Turnstile script as the file contents are managed and updated by Cloudflare. Adding an integrity hash would break the captcha whenever Cloudflare updates the script. -->
     <script
       src="https://challenges.cloudflare.com/turnstile/v0/api.js"
       async
diff --git a/readme.md b/readme.md
@@ -141,6 +141,9 @@ for f in app/static/*; do echo "$(basename $f): sha384-$(openssl dgst -sha384 -b
 ```
 
 > [!IMPORTANT]
-> If you upload modified static files to your dev R2 bucket without updating the `integrity` attributes in the HTML templates, the browser will block those resources from loading. After updating the `integrity` attributes in the templates, you must rebuild the container with `docker compose up -d --build` for the changes to take effect. In production, you must also purge the Cloudflare cache for any updated files, otherwise the CDN will continue serving the old version. This can be done in the Cloudflare dashboard under Caching > Configuration > Custom Purge, entering the full URL of each updated file.
+> If you upload modified static files to your dev R2 bucket without updating the `integrity` attributes in the HTML templates, the browser will block those resources from loading.
+> After updating the `integrity` attributes in the templates, you must rebuild the container with `docker compose up -d --build` for the changes to take effect.
+> In production, you must also purge the Cloudflare cache for any updated files, otherwise the CDN will continue serving the old version.
+> This can be done in the Cloudflare dashboard under Caching > Configuration > Custom Purge, entering the full URL of each updated file.
 
 ## Developed by [Jack](https://jacksec.engineer)
