§7 comment cleanup (todo §7); targeted density pass over the §7 accretion. The §7 modules were authored dense (the reference plugin is a teaching artifact, the host additions concise), so two wins: tightened chrome.ts's module header (7→5 lines, dropped the input-list duplicated by ChromeOptions + the nav-composition restatement already carried by the nav field/markCurrent comments); fixed a stale forward-ref in docs/plugin-contract.md (the safeUrl() helper said "§5/§7" but §7 deferred it to §9). Left intact: the reference plugin's instructive comments, the EJS view config-doc headers, and the contract doc + plugin README (authored concise in §7). README Status/_(planned)_/Layout refresh stays §9. Docs/comments-only; typecheck + 301 units green.

2026-06-19 15:38:36 +02:00
parent 4e97fb619e
commit 98784a3239
3 changed files with 5 additions and 8 deletions


@@ -166,8 +166,7 @@ safety of the data it renders**:
item, a breadcrumb, `brand.logo` — is emitted as-is inside the attribute: a `javascript:` or
`data:` URL from upstream/user data becomes live XSS. When a URL comes from data you don't
control, restrict it to a relative (`/`, `?`, `#`) or `http(s):` URL before handing it to a
partial. (A shared `safeUrl()` helper will land with the first plugin that renders untrusted
URL data, §5/§7.)
partial. (A shared `safeUrl()` helper is planned for §9, with the redirect-URI allowlist work.)
## RequestContext
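Review bot: the new parenthetical on the `safeUrl()` line defers the helper to §9 but does not say what a plugin author should do until then, so the only guidance left is the inline rule "relative (`/`, `?`, `#`) or `http(s):`". Suggest adding a clause such as "until then, each plugin validates its own URLs" so the gap is explicit. It may also be worth tightening the rule while touching this paragraph: a plain leading-`/` test also accepts `//host`, which resolves to an external origin, so the text could say a single leading `/`. Since this section reference already went stale once (§5/§7 to §9), consider referring to the target section by heading name rather than by number.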