Model Benchmarks: Accessibility and security polish #17

@TechNickAI

Follow-up items from PR #13 bot reviews that weren't addressed before merge:

Security

CDN dependencies missing SRI hashes
Tailwind, Alpine.js, and AOS are loaded from CDN without Subresource Integrity hashes. If any CDN is compromised, arbitrary JS runs on the page.

Options:

  • Add integrity="sha384-..." attributes to all <script> tags
  • Or self-host these assets

Accessibility

Mobile menu button has no accessible label
The hamburger button has :aria-expanded but no aria-label. Screen readers announce it as an unlabeled button.

Fix: Add aria-label="Toggle navigation" to the <button>

Sortable columns don't expose sort state
Sort direction is visual-only (CSS arrows). Screen readers have no way to know which column is sorted or in which direction.

Fix: Add aria-sort attribute updates in updateSortIndicators():

th.setAttribute('aria-sort', th.dataset.sort === sortKey
  ? (sortDir === 'asc' ? 'ascending' : 'descending')
  : 'none');

Column tooltips are mouse-only
.col-tooltip uses CSS :hover — keyboard users can't access these explanations.

Options:

  • Add :focus-within trigger
  • Use title attributes as fallback

Performance (non-blocking)

Tailwind Play CDN in production
The Play CDN is ~3MB and re-parses classes at runtime. The standalone CLI can produce a purged ~10KB file with zero runtime cost and no Node required.


Source: Bot reviews from claude[bot], cursor[bot], and chatgpt-codex-connector[bot]
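
An added example, not part of the original issue or the project's code: a Python sketch that computes the `integrity` value for an asset's bytes and audits a page for cross-origin `<script>` and stylesheet tags that lack usable SRI. The `cdn.example` URLs, the sample HTML, and the names `sri_value` and `audit` are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


def sri_value(content: bytes, algorithm: str = "sha384") -> str:
    """Return the integrity attribute value for the exact bytes of an asset."""
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


class SRIAudit(HTMLParser):
    """Collect cross-origin scripts and stylesheets without usable SRI."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            url = a.get("src")
        elif tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            url = a.get("href")
        else:
            return
        # Inline scripts and same-origin relative URLs are out of scope here.
        if not url or not urlparse(url).netloc:
            return
        if not a.get("integrity"):
            self.findings.append((url, "missing integrity"))
        elif "crossorigin" not in a:
            # Without a CORS fetch the browser cannot verify the hash
            # and refuses to load the resource.
            self.findings.append((url, "integrity without crossorigin"))


def audit(html: str):
    parser = SRIAudit()
    parser.feed(html)
    return parser.findings


# Constructed sample page; URLs and hash values are placeholders.
SAMPLE_HTML = """
<script src="https://cdn.example/tailwind.js"></script>
<script defer src="https://cdn.example/alpine.min.js" integrity="sha384-PLACEHOLDER"></script>
<link rel="stylesheet" href="https://cdn.example/aos.css" integrity="sha384-PLACEHOLDER" crossorigin="anonymous">
<script src="/static/app.js"></script>
"""

if __name__ == "__main__":
    for url, problem in audit(SAMPLE_HTML):
        print(f"{problem}: {url}")
```

The hash only stays valid while the URL keeps serving the same bytes, so compute it against a version-pinned file rather than a "latest" URL.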

Labels: Hex (Created by Hex), enhancement (New feature or request), review-sweep (Follow-up fixes from PR review comments)