Remove jQuery and replace lightbox with vanilla JS (Phase 1: Security & Performance)

[lordfolken]

Summary

This PR removes the outdated jQuery 1.8.2 dependency and replaces the jQuery lightbox with a modern vanilla JavaScript implementation.

Changes

• ✅ Removed jQuery 1.8.2 (12+ years old, security vulnerabilities)
• ✅ Removed jQuery lightbox plugin
• ✅ Added modern vanilla JS lightbox (no dependencies)
• ✅ Updated all pages to use new lightbox
• ✅ Removed unnecessary jQuery flags from pages that didn't use it

Benefits

• Security: Removes outdated library with known vulnerabilities
• Performance: ~93% file size reduction (90KB → 6KB)
• Modern: ES6+ JavaScript, no dependencies
• Accessible: ARIA labels, keyboard navigation
• Mobile-friendly: Touch support, responsive design

Features

The new lightbox includes:

• Keyboard navigation (Arrow keys, Escape)
• Touch-friendly mobile support
• Accessible (ARIA labels)
• Image counter and captions
• Smooth animations

Testing

• ✅ Jekyll build successful
• ✅ All pages compile correctly
• ✅ Lightbox works on homepage and screenshots page

Related Issues

Fixes #42 - Replace jquery lightbox with generic lightbox

Phase 1 Progress

This is part of Phase 1: Critical Security & Performance improvements:

• Remove jQuery dependency
• Replace lightbox plugin
• Add security headers (next)
• Optimize images (next)

File Size Comparison

• Before: jQuery (90KB) + Lightbox plugin (~10KB) = ~100KB
• After: Lightbox JS (4KB) + CSS (2KB) = ~6KB
• Reduction: ~94KB saved per page load

Summary by CodeRabbit

• Security

  • Added site security headers and server guidance to strengthen protection.

• New Features

  • Native lightbox, screenshot carousel, lazy-loading, responsive navbar, and modernized layouts replacing legacy scripts.

• Bug Fixes

  • Typo fixes and CI/runtime version bump.

• Documentation

  • Added website structure, modernization roadmap, security headers guide, hosting/local-resources and HTML5-first rules; moved/manualized docs and removed outdated pages.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Replaces the jQuery-based lightbox/carousel with vanilla JS implementations, modernizes layout and CSS classes to Bootstrap 5 patterns, adds security and modernization docs, updates CI/Ruby version references, and removes or consolidates several legacy documentation pages and front-matter flags.

Changes

Cohort / File(s)	Summary
Lightbox & Carousel lib/lightbox.js, lib/screenshot-carousel.js, css/lightbox.css, discover/screenshots/index.html, index.html, discover/screenshots/*	Adds vanilla JS lightbox and carousel; new lightbox CSS; updates screenshots pages and index to use semantic figure/figcaption, lazy loading, and new selectors; removes jQuery-lightbox usage and inline jQuery init.
Header / Navigation / Layout _includes/header.html, _includes/discover_menu.html, _includes/download_sidebar.html, _includes/footer.html, _includes/section_change.html, _layouts/*.html, discover/news.html	Replaces legacy grid/markup (span*) with semantic HTML and modern col-/float- classes; introduces a Bootstrap-style navbar; updates footer, sidebars, and layout wrappers.
CSS baseline & carousel styles css/xcsoar.css, css/lightbox.css	Large rewrite to a new baseline (fonts, headings, navbar classes) and extensive carousel/gallery styles; replaces many id-based rules with class-based patterns.
Documentation & Policies IMPROVEMENTS.md, WEBSITE_STRUCTURE.md, SECURITY_HEADERS.md, HTML5_ANALYSIS.md, .htaccess, .cursor/rules/*	Adds modernization roadmap, site structure docs, security headers guidance and server snippets, HTML5 analysis, and multiple style/policy rule documents (hosting resources locally, HTML5-first, responsive, reuse, relative links).
CI, README & Config .github/workflows/website-deploy.yml, README.md, _config.yml	Bumps Ruby version references (3.4.7 → 3.4.8) in workflow and Docker example; renames config key trac_server_url → github_issues_url; fixes README typo.
Content removals & updates develop/index.md, contact/index.md, contact/irc.html, develop/*.md (several), discover/manual.md, hardware/index.md, multiple _posts/*.md	Deletes or condenses several documentation pages (contact, develop/donations, infrastructure, new_ticket, manual) and updates historical posts to point bug/report links to site.github_issues_url.
Small fixes & refactors _plugins/svgconvert.rb, _includes/*, download/maps/index.html, download/maps/ommaps.html, download/waypoints/index.html, _posts/2024-09-02-xcsoar-7-dot-43-released.md	Replaces deprecated Ruby API File.exists? → File.exist?; fixes typos; removes jquery: true front-matter where not needed; adjusts script paths.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

"🐇
I hopped from jQuery to nimble plain JS,
Figures and captions now take the breeze,
Docs grew wise, headers keep foes at bay,
Ruby bumped, old markup cleared away,
A carrot-cheer for modern, tidy trees."

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Out of Scope Changes check	⚠️ Warning	The PR includes modernization efforts beyond the linked issue scope, such as adding security headers, upgrading Bootstrap, implementing HTML5 semantics, updating documentation, and various other refactoring tasks.	Scope creep detected: Phase 1 should focus on jQuery removal and lightbox replacement; consider deferring security headers, Bootstrap upgrades, HTML5 refactoring, and documentation additions to separate PRs.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The pull request title accurately describes the main change: removing jQuery and replacing the lightbox with vanilla JS, which is the primary objective of this PR.
Linked Issues check	✅ Passed	The PR successfully implements the core requirement from Issue #42: removing the jQuery lightbox dependency and replacing it with a vanilla JavaScript lightbox for screenshots.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@css/lightbox.css`:
- Around line 54-80: Add a visible keyboard focus indicator for the lightbox
controls (.lightbox-close, .lightbox-prev, .lightbox-next) by defining a
:focus-visible rule that contrasts with the dark background (for example a white
or accent-colored outline or ring and increased box-shadow), ensure the outline
is not removed elsewhere so it appears only for keyboard focus (use
:focus-visible rather than :focus), and keep the existing sizing/positioning so
the focus ring does not shift layout.

In `@lib/lightbox.js`:
- Around line 51-62: The image loader lacks error handling: add an img.onerror
handler alongside img.onload in the lightbox code (the Image instance `img`) to
handle failed loads for `images[index]`; in the handler set a fallback state
(e.g., set `image.src` to a placeholder or clear it, set `image.alt` and
`caption.textContent` to an error message like "Image failed to load", update
`counter.textContent` appropriately, and adjust `prevBtn`/`nextBtn` visibility)
so the lightbox never stays blank when a network/404 error occurs.
- Around line 28-37: initLightbox currently inserts the lightboxHTML
unconditionally (document.body.insertAdjacentHTML) so calling initLightbox twice
creates duplicate overlays; fix by first checking for the existing lightbox
container (e.g., document.getElementById('lightbox-overlay') or another unique
id/class used by lightboxHTML) inside initLightbox and skip insertion if
present, or alternatively remove multiple init calls by combining selectors into
a single initLightbox call; update references in initLightbox and the
DOMContentLoaded/bootstrap area (the places that call initLightbox) to use the
chosen approach.

🧹 Nitpick comments (4)

WEBSITE_STRUCTURE.md (1)

15-15: Add language specifier to fenced code blocks.

Per markdownlint, fenced code blocks should have a language specified for proper syntax highlighting.

Suggested fix

-```
+```text
 website/

The same applies to the navigation structure block at line 248.

lib/lightbox.js (1)

103-118: Keyboard event listener is global and never removed.

The keydown listener is attached to document and persists for the page lifetime. While this works, it processes key events even when the lightbox is closed (returning early after the display check). Consider attaching when opened and removing when closed for cleaner resource management.

_includes/header.html (1)

73-75: Consider renaming page.jquery to reflect its actual purpose.

The front matter variable page.jquery now controls lightbox loading rather than jQuery loading. This naming is misleading after removing jQuery. Consider renaming to something like page.lightbox for clarity.

This would require updating the front matter in pages that use the lightbox (e.g., index.html, discover/screenshots/index.html).

Also applies to: 83-85

IMPROVEMENTS.md (1)

195-202: Note: Implementation differs from recommendation (which is fine).

The document recommends GLightbox CDN, but the PR implements a custom vanilla JS solution instead. This is actually a good choice - it avoids external CDN dependency and keeps the implementation lightweight (~6KB vs external library). Consider updating this section to reflect the chosen approach.

Suggested update

 ### Replace jQuery Lightbox
 **Issue**: Issue `#42` already tracks this
 **Solution**:
-```html
-<!-- Replace with modern solution -->
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/glightbox/dist/css/glightbox.min.css">
-<script src="https://cdn.jsdelivr.net/npm/glightbox/dist/js/glightbox.min.js"></script>
-```
+Implemented with custom vanilla JS lightbox (`/lib/lightbox.js` and `/css/lightbox.css`) - no external dependencies, ~6KB total.

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.htaccess:
- Line 6: The commented .htaccess CSP header is out-of-sync and misleading
because the active policy is set in the Content-Security-Policy meta tag inside
_includes/header.html; remove or update the commented header line in .htaccess
to avoid confusion and then make the CSP in _includes/header.html authoritative
(keep it in one place). If you want to tighten CSP, start by externalizing
inline styles/scripts referenced by the site (phpBB templates, download page map
styles, and main site element styling) and then remove 'unsafe-inline' from the
meta tag's script-src and style-src directives in _includes/header.html, testing
each change to ensure functionality remains.

🧹 Nitpick comments (2)

.htaccess (2)

14-15: Remove or replace the commented X-XSS-Protection header. The header is deprecated and ignored by modern browsers; OWASP recommends relying on CSP instead. Either delete the line entirely or replace it with an explicit X-XSS-Protection: 0 header for clarity if you want to document the decision to disable it.

---

5-24: Prefer Header always set to cover error responses.

Without always, headers are applied only to successful 2xx responses. For security headers (CSP, MIME sniffing prevention, clickjacking protection, XSS protection, Referrer Policy, Permissions Policy, and HSTS), using Header always set ensures they are present even on 4xx/5xx error responses, preventing temporary security gaps on error pages.

♻️ Suggested change (apply to all header lines)

-# Header set Content-Security-Policy "default-src 'self'; ..."
+# Header always set Content-Security-Policy "default-src 'self'; ..."

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In `@_includes/header.html`:
- Around line 58-64: The meta-based X-* headers in _includes/header.html (the
meta http-equiv tags for X-Content-Type-Options, X-Frame-Options, and
X-XSS-Protection) give a false sense of protection because browsers ignore them
when set via meta; fix by moving these headers to server-level configuration:
uncomment and enable the equivalent directives in .htaccess (set
X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN or proper CSP
frame-ancestors, and remove/replace X-XSS-Protection with a CSP fallback) so
server emits them consistently, and update SECURITY_HEADERS.md to reflect the
enabled server headers; alternatively, if you cannot enable server headers,
remove the meta http-equiv lines from _includes/header.html and document that
only CSP remains via meta in SECURITY_HEADERS.md.

In `@_layouts/trac.html`:
- Around line 14-18: Replace the jQuery DOM manipulation in the ready handler
with vanilla DOM APIs: select the footer element using the selector '#primary
`#footer`', remove it from its parent (preserve the node), then append that node
into the target container selected by '#secondary .row .col-12'; also select the
header via '#primary `#content` `#banner` `#header`' and hide it by setting its style
(e.g., display = "none"). Ensure this runs after DOMContentLoaded (use
DOMContentLoaded event instead of jQuery's ready) and handle missing elements by
checking for null before removing/appending or changing style.

In `@IMPROVEMENTS.md`:
- Line 22: Update the wording in IMPROVEMENTS.md to remove weak/redundant
phrases: replace "Bootstrap 2.x (very old, likely custom build)" with a more
precise phrase such as "Bootstrap 2.x (legacy, likely custom build)" and change
any instances of "SEO Optimization" to "SEO" (remove redundant "Optimization");
apply these edits at the occurrences referenced (the line shown plus the other
occurrences noted around lines 103 and 297) so the language is tighter and
non-redundant.

🧹 Nitpick comments (2)

css/lightbox.css (1)

108-112: Redundant selector — inline display: none already hides the element.

This CSS rule targets elements that already have display: none set via inline styles, making the !important override ineffective and the rule itself unnecessary. The JavaScript should handle visibility directly without needing this CSS fallback.

Consider removing this block or using a class-based approach (e.g., .lightbox-nav-hidden) if you need CSS control over visibility.

index.html (1)

95-134: Migrate span8 to col-md-8 for consistency with the rest of the page.

The .span8 class is still defined in lib/bootstrap/bootstrap-grid.css, but the page already uses col-md-8 elsewhere (line 96). Standardizing on col-md-8 throughout would improve maintainability and consistency, especially given the mixed Bootstrap versions in use.

♻️ Suggested update

-  <div class="span8 news-item">
+  <div class="col-md-8 news-item">
…
-  <div class="span8 news-item">
+  <div class="col-md-8 news-item">

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for server configuration files that might set security headers
echo "=== Looking for server config files ==="
fd -a -H '(_headers|\.htaccess|SECURITY_HEADERS\.md|netlify\.toml|vercel\.json|nginx\.conf|apache.*\.conf|caddy\.conf)$' 2>/dev/null

echo ""
echo "=== Searching for security header patterns ==="
rg -in 'Content-Security-Policy|X-Frame-Options|X-Content-Type-Options|X-XSS-Protection' --type-list | head -20

Repository: XCSoar/website

Length of output: 620

---

🏁 Script executed:

#!/bin/bash
# More comprehensive search for config and header files
echo "=== Config files in root and common locations ==="
git ls-files | grep -E '(^[^/]*\.(toml|json|htaccess|conf)$|^[^/]*/.*(\.toml|\.json|_headers|\.htaccess|\.conf)$)' 2>/dev/null

echo ""
echo "=== Files with "header" in name or path ==="
git ls-files | grep -i header 2>/dev/null

echo ""
echo "=== Search for HTTP header configuration patterns ==="
rg -in 'X-Frame-Options|X-Content-Type-Options|X-XSS-Protection' 2>/dev/null | head -20

Repository: XCSoar/website

Length of output: 1329

---

🏁 Script executed:

cat -n /home/jailuser/git/.htaccess

Repository: XCSoar/website

Length of output: 1688

---

🏁 Script executed:

cat -n /home/jailuser/git/SECURITY_HEADERS.md

Repository: XCSoar/website

Length of output: 4750

---

Meta-based X- headers provide no browser enforcement; server-level headers are not configured.*

X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection are ignored by modern browsers when set via <meta http-equiv> tags. Only CSP is honored via meta tags. The .htaccess file shows these headers are intentionally not configured at the server level (all directives are commented out), leaving the application without actual protection against MIME sniffing, clickjacking, and XSS attacks.

The SECURITY_HEADERS.md documentation acknowledges that HTTP headers are necessary for maximum security but they remain unimplemented. Either uncomment and activate the headers in .htaccess, or remove the meta tags to avoid a false sense of coverage.

🤖 Prompt for AI Agents

In `@_includes/header.html` around lines 58 - 64, The meta-based X-* headers in
_includes/header.html (the meta http-equiv tags for X-Content-Type-Options,
X-Frame-Options, and X-XSS-Protection) give a false sense of protection because
browsers ignore them when set via meta; fix by moving these headers to
server-level configuration: uncomment and enable the equivalent directives in
.htaccess (set X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN or
proper CSP frame-ancestors, and remove/replace X-XSS-Protection with a CSP
fallback) so server emits them consistently, and update SECURITY_HEADERS.md to
reflect the enabled server headers; alternatively, if you cannot enable server
headers, remove the meta http-equiv lines from _includes/header.html and
document that only CSP remains via meta in SECURITY_HEADERS.md.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# First, let's check if jQuery is actually included in the project's dependencies
if [ -f package.json ]; then
  echo "=== Checking package.json ==="
  cat package.json | head -50
fi

if [ -f Gemfile ]; then
  echo "=== Checking Gemfile ==="
  cat Gemfile | grep -i jquery || echo "No jQuery in Gemfile"
fi

echo ""
echo "=== Searching for jQuery includes/script tags ==="
rg -n 'jquery(\.min)?\.js|code\.jquery\.com|<script.*jquery' --type html || true

Repository: XCSoar/website

Length of output: 154

---

🏁 Script executed:

#!/bin/bash
# Check for jQuery usages across the codebase
echo "=== jQuery variable/function usages ==="
rg -n '\$\(' --type html -A 1 -B 1 || true

Repository: XCSoar/website

Length of output: 379

---

🏁 Script executed:

#!/bin/bash
# Look at the specific file mentioned
echo "=== Full content of _layouts/trac.html ==="
if [ -f _layouts/trac.html ]; then
  cat -n _layouts/trac.html
else
  echo "File not found. Searching for trac.html..."
  find . -name "trac.html" -type f
fi

Repository: XCSoar/website

Length of output: 636

---

🏁 Script executed:

#!/bin/bash
# Check the overall project structure to understand if this is a Jekyll site
echo "=== Project structure ==="
ls -la | head -20
echo ""
if [ -f _config.yml ]; then
  echo "=== _config.yml (Jekyll config) ==="
  cat _config.yml | head -30
fi

Repository: XCSoar/website

Length of output: 1753

---

Convert to vanilla JavaScript; jQuery is not loaded and this script will fail at runtime.

The project has no jQuery includes (not in Gemfile or any layout files), but the code in _layouts/trac.html uses $() and .detach()/.hide() methods. This will throw a ReferenceError when the page loads, breaking the footer repositioning and header hiding logic.

🔧 Proposed vanilla JS replacement

 <script>
-  $(document).ready(function() {
-    $('#secondary .row .col-12').append($('#primary `#footer`').detach());
-    $('#primary `#content` `#banner` `#header`').hide();
-  });
+  document.addEventListener('DOMContentLoaded', () => {
+    const footer = document.querySelector('#primary `#footer`');
+    const target = document.querySelector('#secondary .row .col-12');
+    if (footer && target) target.appendChild(footer);
+
+    const header = document.querySelector('#primary `#content` `#banner` `#header`');
+    if (header) header.style.display = 'none';
+  });
 </script>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<script>
	$(document).ready(function() {
	$('#secondary .row .span12').append($('#primary #footer').detach());
	$('#secondary .row .col-12').append($('#primary #footer').detach());
	$('#primary #content #banner #header').hide();
	});
	<script>
	document.addEventListener('DOMContentLoaded', () => {
	const footer = document.querySelector('#primary `#footer`');
	const target = document.querySelector('#secondary .row .col-12');
	if (footer && target) target.appendChild(footer);
	const header = document.querySelector('#primary `#content` `#banner` `#header`');
	if (header) header.style.display = 'none';
	});
	</script>

🤖 Prompt for AI Agents

In `@_layouts/trac.html` around lines 14 - 18, Replace the jQuery DOM manipulation
in the ready handler with vanilla DOM APIs: select the footer element using the
selector '#primary `#footer`', remove it from its parent (preserve the node), then
append that node into the target container selected by '#secondary .row
.col-12'; also select the header via '#primary `#content` `#banner` `#header`' and
hide it by setting its style (e.g., display = "none"). Ensure this runs after
DOMContentLoaded (use DOMContentLoaded event instead of jQuery's ready) and
handle missing elements by checking for null before removing/appending or
changing style.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Tighten a couple of wording nits.

LanguageTool flags “very old” as a weak intensifier and “SEO Optimization” as redundant. Suggested tweaks below.

✏️ Suggested wording tweaks

-**Current**: Bootstrap 2.x (very old, likely custom build)
+**Current**: Bootstrap 2.x (outdated, likely custom build)

-### 8. **SEO Optimization**
+### 8. **SEO**

-| Medium | Medium | Medium | SEO optimization |
+| Medium | Medium | Medium | SEO |

Also applies to: 103-103, 297-297

🧰 Tools

🪛 LanguageTool

[style] ~22-~22: As an alternative to the over-used intensifier ‘very’, consider replacing this phrase.
Context: ...p Version** Current: Bootstrap 2.x (very old, likely custom build) Issues: - No ...

(EN_WEAK_ADJECTIVE)

🤖 Prompt for AI Agents

In `@IMPROVEMENTS.md` at line 22, Update the wording in IMPROVEMENTS.md to remove
weak/redundant phrases: replace "Bootstrap 2.x (very old, likely custom build)"
with a more precise phrase such as "Bootstrap 2.x (legacy, likely custom build)"
and change any instances of "SEO Optimization" to "SEO" (remove redundant
"Optimization"); apply these edits at the occurrences referenced (the line shown
plus the other occurrences noted around lines 103 and 297) so the language is
tighter and non-redundant.

[coderabbitai]

Actionable comments posted: 7

🤖 Fix all issues with AI agents

In `@_includes/download_sidebar.html`:
- Line 33: Remove the unintended double space before the English link in the
HTML snippet: find the line containing the anchor tag '<a href="{{
site.download_server_url }}/{{ site.xcsoar_stable_version
}}/XCSoar-manual.pdf">English</a>' in _includes/download_sidebar.html and change
"In  <a ..." to "In <a ..." so there is only a single space between "In" and the
link.

In `@docs/index.md`:
- Line 18: The link text contains a duplicated word: replace the link label
"XCSoar XCSoar em um flash" with "XCSoar em um flash" (the link target is
XCSoar-in-a-flash-pt_BR.pdf), so update the markdown entry to remove the extra
"XCSoar" while keeping the existing flag and URL unchanged.

In `@IMPROVEMENTS.md`:
- Around line 5-20: Update the "Current: jQuery 1.8.2" label in IMPROVEMENTS.md
to indicate it's the pre-Phase-1 / legacy baseline (e.g., "Pre-Phase-1: jQuery
1.8.2") and add a short clarifying sentence that the live/deployed
implementation now uses the custom vanilla lightbox at /lib/lightbox.js (refer
to the "Implemented with custom vanilla JS" note) so readers understand the
document contrasts the legacy baseline with the current implemented state.

In `@index.html`:
- Around line 114-122: The carousel indicators list in the element with class
"carousel-indicators" is missing the button for the 8th slide; add a new
<button> with class "carousel-indicator", aria-label "Go to screenshot 8" (or
"Analysis: OLC" if you prefer more descriptive text) and data-slide="7" so the
indicator count matches the eight slides and navigation works correctly (follow
the pattern used by the existing "carousel-indicator" buttons).

In `@lib/screenshot-carousel.js`:
- Around line 28-33: The load handler for images can update the carousel width
even after the user has navigated away; modify the listener on activeImage so it
verifies the image is still the current active slide before calling
setCarouselWidth. Concretely, inside the 'load' callback registered on
activeImage, compare the event.target (or the captured activeImage) against the
current active slide image (e.g., query the carousel for the currently active
image or compare to a stored current reference) and only call
setCarouselWidth(activeImage) if they match; keep the { once: true } behavior to
avoid lingering listeners.
- Around line 127-139: The carousel's keydown handler won't run because the
carousel element isn't focusable; make the element referenced as carousel
focusable (e.g., set carousel.tabIndex = 0 or
carousel.setAttribute('tabindex','0')) before relying on the
addEventListener('keydown') so ArrowLeft/ArrowRight events fire and
prevSlide()/nextSlide() work; also consider adding an accessible label
(aria-label or role) for clarity and keep showSlide(0) initialization as-is.

In `@WEBSITE_STRUCTURE.md`:
- Around line 7-12: The doc still lists jQuery 1.8.2 and jquery-lightbox even
though the PR added a vanilla ES6+ lightbox; update WEBSITE_STRUCTURE.md to
remove references to jQuery and jquery-lightbox and document the new setup:
replace the "JavaScript: jQuery 1.8.2, custom scripts" line with "JavaScript:
Vanilla ES6+ lightbox, custom scripts" (and note no jQuery dependency) and
similarly change the other sections that mention jquery-lightbox (lines
referenced in the review) to describe the new ES6 module/lightbox implementation
and any initialization details or build/import steps so contributors aren’t
misled.

♻️ Duplicate comments (1)

_includes/header.html (1)

50-56: X- headers via <meta http-equiv> are not enforced by browsers.*

Only Content-Security-Policy is effective via <meta> tags. The X-Content-Type-Options, X-Frame-Options, and X-XSS-Protection meta tags are ignored by modern browsers—these headers must be set server-side to have any effect.

🧹 Nitpick comments (10)

.cursor/rules/use-relative-links.mdc (1)

10-10: Minor inaccuracy in rationale.

Root-relative paths don't actually avoid DNS lookups—DNS resolution happens at the domain level, regardless of path format. The actual performance benefit (if any) is avoiding potential redirects when the domain name changes. Consider removing or rewording this point.

Suggested fix

-- **Performance**: Slightly faster (no DNS lookup needed)
+- **Performance**: Avoids potential redirects if domain configuration changes

Alternatively, simply remove this bullet point since the performance difference is negligible.

lib/lightbox.js (1)

89-114: Image loading handles success and error cases correctly.

The onerror handler (lines 104-112) properly addresses the previous review concern about failed image loads. Navigation buttons remain functional even when an image fails.

One minor enhancement to consider: clearing the image src before loading a new image could prevent a brief flash of the previous image during slow loads.

Optional enhancement

   function showImage(index) {
     if (index < 0 || index >= allImages.length) return;
     currentIndex = index;
+    
+    // Clear previous image to avoid flash during load
+    image.src = '';

     const img = new Image();

_includes/header.html (1)

52-52: CSP uses unsafe-inline and unsafe-eval which significantly weaken protection.

The 'unsafe-inline' and 'unsafe-eval' directives in script-src allow inline scripts and eval(), which defeats much of CSP's XSS protection. This appears necessary for the OpenLayers maps page that uses eval() (ommaps.html line 121).

Consider using nonce-based CSP or refactoring the maps page to avoid eval() for stronger security. This could be tracked as a future improvement.

css/xcsoar.css (7)

1-5: Consider the implications of overflow-x: hidden on both html and body.

Applying overflow-x: hidden to both elements prevents horizontal scrolling entirely, which can hide content from users who zoom in or use assistive technologies. If the intent is to prevent horizontal scroll caused by layout issues, consider fixing the root cause instead. If needed for specific components, apply it only to those containers.

---

98-103: Consider removing !important if possible.

The !important declarations suggest a specificity battle, likely with Bootstrap defaults. If feasible, increase selector specificity instead (e.g., .navbar .navbar-nav .nav-link) to avoid cascading issues in future maintenance.

---

190-203: Mixed layout approaches: float-based and flexbox.

This section uses float for layout (lines 191-203), while the preceding section (lines 153-188) uses flexbox. The float-based styling with fixed rem widths may conflict with the responsive flexbox grid above. If this is legacy code for backward compatibility, consider adding a comment; otherwise, consolidate to one approach to avoid maintenance confusion.

---

314-325: Redundant padding declarations.

Lines 315-317 set padding: 0 1.25rem and then immediately override with padding-top and padding-bottom. This can be simplified to a single declaration.

♻️ Suggested fix

 .carousel-slide figcaption {
-  padding: 0 1.25rem;
-  padding-top: 1.25rem;
-  padding-bottom: 1.25rem;
+  padding: 1.25rem;
   opacity: 0;
   transition: opacity 0.3s ease-in-out;

---

329-347: Missing cursor: pointer on interactive carousel buttons.

The .carousel-btn elements are clickable controls but lack cursor: pointer, which is a usability expectation for interactive elements. Same applies to .carousel-indicator (line 369).

♻️ Suggested fix

 .carousel-btn {
   position: absolute;
   top: 50%;
   transform: translateY(-50%);
   background: rgba(0, 0, 0, 0.6);
   color: `#fff`;
   border: 0.125rem solid `#fff`;
   border-radius: 50%;
   width: 3.125rem;
   height: 3.125rem;
   font-size: 2rem;
   line-height: 1;
   z-index: 10;
   display: flex;
   align-items: center;
   justify-content: center;
   padding: 0;
   transition: background-color 0.3s;
+  cursor: pointer;
 }

And for the indicator:

 .carousel-indicator {
   width: 0.75rem;
   height: 0.75rem;
   border-radius: 50%;
   border: 0.125rem solid `#878380`;
   padding: 0;
   transition: all 0.3s;
+  cursor: pointer;
+  background: transparent;
 }

---

439-455: Heavy use of !important in footer styles.

Multiple !important declarations suggest style override conflicts, likely with Bootstrap. While this works, it makes future maintenance harder. Consider scoping footer styles more specifically or using CSS custom properties for theming.

---

469-505: Potential list styling conflict.

Line 471 sets list-style-type: disc on ul, but line 504 sets list-style: none on all li elements. This means the disc style from ul will be overridden. If the intent is for most lists to have no markers except specific ones (lines 507-516), this works but is confusing. Consider adding a comment clarifying the cascade.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Minor: Extra space in text.

There's a double space after "In" which appears unintentional.

Suggested fix

-  <p>In  <a href="{{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-manual.pdf">English</a>,
+  <p>In <a href="{{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-manual.pdf">English</a>,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<p>In <a href="{{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-manual.pdf">English</a>,
	<p>In <a href="{{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-manual.pdf">English</a>,

🤖 Prompt for AI Agents

In `@_includes/download_sidebar.html` at line 33, Remove the unintended double
space before the English link in the HTML snippet: find the line containing the
anchor tag '<a href="{{ site.download_server_url }}/{{
site.xcsoar_stable_version }}/XCSoar-manual.pdf">English</a>' in
_includes/download_sidebar.html and change "In  <a ..." to "In <a ..." so there
is only a single space between "In" and the link.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Typo: Duplicate "XCSoar" in link text.

The link text reads "XCSoar XCSoar em um flash" with "XCSoar" appearing twice.

Proposed fix

-- {% country_flag br %} [XCSoar XCSoar em um flash]({{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-in-a-flash-pt_BR.pdf) Quick guide in Portuguese
+- {% country_flag br %} [XCSoar em um flash]({{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-in-a-flash-pt_BR.pdf) Quick guide in Portuguese

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- {% country_flag br %} [XCSoar XCSoar em um flash]({{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-in-a-flash-pt_BR.pdf) Quick guide in Portuguese
	- {% country_flag br %} [XCSoar em um flash]({{ site.download_server_url }}/{{ site.xcsoar_stable_version }}/XCSoar-in-a-flash-pt_BR.pdf) Quick guide in Portuguese

🤖 Prompt for AI Agents

In `@docs/index.md` at line 18, The link text contains a duplicated word: replace
the link label "XCSoar XCSoar em um flash" with "XCSoar em um flash" (the link
target is XCSoar-in-a-flash-pt_BR.pdf), so update the markdown entry to remove
the extra "XCSoar" while keeping the existing flag and URL unchanged.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

git ls-files | head -20

Repository: XCSoar/website

Length of output: 521

---

🏁 Script executed:

cat -n IMPROVEMENTS.md | head -50

Repository: XCSoar/website

Length of output: 2116

---

🏁 Script executed:

wc -l IMPROVEMENTS.md

Repository: XCSoar/website

Length of output: 77

---

🏁 Script executed:

cat -n IMPROVEMENTS.md | sed -n '180,210p'

Repository: XCSoar/website

Length of output: 1464

---

🏁 Script executed:

cat -n IMPROVEMENTS.md | grep -A 5 -B 5 -i "lightbox\|phase"

Repository: XCSoar/website

Length of output: 2127

---

🏁 Script executed:

# Check if jQuery is actually present in the codebase
rg -l "jquery" --type-list | head -10
fd . -type f | xargs rg -l "jquery-1\.8|jQuery" 2>/dev/null | head -20

Repository: XCSoar/website

Length of output: 864

---

🏁 Script executed:

# Check if the implemented lightbox files exist
ls -la lib/lightbox.* css/lightbox.* 2>/dev/null || echo "Files not found"
fd "lightbox\.(js|css)"

Repository: XCSoar/website

Length of output: 221

---

🏁 Script executed:

# Search for actual jQuery references in HTML/JS files
rg "jquery|jQuery" --type html --type js -c

Repository: XCSoar/website

Length of output: 197

---

🏁 Script executed:

# Check which HTML files reference jQuery or the lightbox
rg -l "jquery|lightbox" --type html

Repository: XCSoar/website

Length of output: 122

---

🏁 Script executed:

# Check the actual implementation in the main HTML/layout files
fd . -name "*.html" -o -name "*.liquid" -o -name "*.md" | head -10
find . -name "_layouts" -o -name "_includes" 2>/dev/null

Repository: XCSoar/website

Length of output: 328

---

🏁 Script executed:

# Check if lightbox.js or the old jquery-lightbox is actually referenced
rg "lightbox\.js|jquery-lightbox" --type html

Repository: XCSoar/website

Length of output: 126

---

🏁 Script executed:

# Check if jQuery is actually referenced in any HTML/includes
rg "jquery-1\.8\.2" --type html

Repository: XCSoar/website

Length of output: 40

---

🏁 Script executed:

# Check the header.html file to see all scripts
cat -n _includes/header.html

Repository: XCSoar/website

Length of output: 12677

---

🏁 Script executed:

# Check main layout files
cat -n _layouts/default.html 2>/dev/null | head -40

Repository: XCSoar/website

Length of output: 294

---

🏁 Script executed:

# Final check: verify jQuery is not actually loaded anywhere
rg "jquery-1\.8"

Repository: XCSoar/website

Length of output: 115

---

🏁 Script executed:

# Also verify the vanilla lightbox implementation
cat -n lib/lightbox.js | head -30

Repository: XCSoar/website

Length of output: 1392

---

Clarify whether section 1 describes current state or pre-modernization baseline. The section titled "Current: jQuery 1.8.2" conflicts with the later statement (lines 195-197) that the lightbox replacement is already "Implemented with custom vanilla JS." jQuery 1.8.2 is not referenced in active code; the deployed implementation uses the vanilla /lib/lightbox.js instead. Update the "Current" label to clarify this is the pre-Phase 1 state:

Suggested update

-**Current**: jQuery 1.8.2 (released 2012, 12+ years old)
+**Previous (pre-Phase 1)**: jQuery 1.8.2 (removed in Phase 1)

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	### 1. **Outdated JavaScript Libraries**
	**Current**: jQuery 1.8.2 (released 2012, 12+ years old)
	**Issues**:
	- Security vulnerabilities
	- No longer maintained
	- Large file size (unnecessary for modern needs)
	- Incompatible with modern browsers
	**Recommendation**:
	- Remove jQuery dependency entirely (most features can be done with vanilla JS)
	- Replace jQuery lightbox with modern alternatives:
	- [GLightbox](https://biati-digital.github.io/glightbox/) (lightweight, modern)
	- [PhotoSwipe](https://photoswipe.com/) (feature-rich)
	- Native CSS/JS solution (smallest footprint)
	- **Impact**: Reduces page load, improves security, better performance
	### 1. **Outdated JavaScript Libraries**
	**Previous (pre-Phase 1)**: jQuery 1.8.2 (removed in Phase 1)
	**Issues**:
	- Security vulnerabilities
	- No longer maintained
	- Large file size (unnecessary for modern needs)
	- Incompatible with modern browsers
	**Recommendation**:
	- Remove jQuery dependency entirely (most features can be done with vanilla JS)
	- Replace jQuery lightbox with modern alternatives:
	- [GLightbox](https://biati-digital.github.io/glightbox/) (lightweight, modern)
	- [PhotoSwipe](https://photoswipe.com/) (feature-rich)
	- Native CSS/JS solution (smallest footprint)
	- **Impact**: Reduces page load, improves security, better performance

🤖 Prompt for AI Agents

In `@IMPROVEMENTS.md` around lines 5 - 20, Update the "Current: jQuery 1.8.2"
label in IMPROVEMENTS.md to indicate it's the pre-Phase-1 / legacy baseline
(e.g., "Pre-Phase-1: jQuery 1.8.2") and add a short clarifying sentence that the
live/deployed implementation now uses the custom vanilla lightbox at
/lib/lightbox.js (refer to the "Implemented with custom vanilla JS" note) so
readers understand the document contrasts the legacy baseline with the current
implemented state.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Bug: Indicator count doesn't match slide count.

There are 8 carousel slides but only 7 indicator buttons. The 8th slide ("Analysis: OLC") has no corresponding indicator, breaking navigation.

Suggested fix: Add missing indicator

           <button class="carousel-indicator" aria-label="Go to screenshot 6" data-slide="5"></button>
           <button class="carousel-indicator" aria-label="Go to screenshot 7" data-slide="6"></button>
+          <button class="carousel-indicator" aria-label="Go to screenshot 8" data-slide="7"></button>
         </div>

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<div class="carousel-indicators">
	<button class="carousel-indicator active" aria-label="Go to screenshot 1" data-slide="0"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 2" data-slide="1"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 3" data-slide="2"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 4" data-slide="3"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 5" data-slide="4"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 6" data-slide="5"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 7" data-slide="6"></button>
	</div>
	<div class="carousel-indicators">
	<button class="carousel-indicator active" aria-label="Go to screenshot 1" data-slide="0"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 2" data-slide="1"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 3" data-slide="2"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 4" data-slide="3"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 5" data-slide="4"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 6" data-slide="5"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 7" data-slide="6"></button>
	<button class="carousel-indicator" aria-label="Go to screenshot 8" data-slide="7"></button>
	</div>

🤖 Prompt for AI Agents

In `@index.html` around lines 114 - 122, The carousel indicators list in the
element with class "carousel-indicators" is missing the button for the 8th
slide; add a new <button> with class "carousel-indicator", aria-label "Go to
screenshot 8" (or "Analysis: OLC" if you prefer more descriptive text) and
data-slide="7" so the indicator count matches the eight slides and navigation
works correctly (follow the pattern used by the existing "carousel-indicator"
buttons).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Avoid width updates from non‑active slide image loads. If a previous slide finishes loading after the user navigates away, its load handler can override the width for the current slide. Guard the handler to only update when that slide is still active.

🐛 Proposed fix

-      if (activeImage.complete) {
-        setCarouselWidth(activeImage);
-      } else {
-        activeImage.addEventListener('load', () => setCarouselWidth(activeImage), { once: true });
-      }
+      if (activeImage.complete) {
+        setCarouselWidth(activeImage);
+      } else {
+        const expectedIndex = currentSlide;
+        activeImage.addEventListener('load', () => {
+          if (expectedIndex === currentSlide) {
+            setCarouselWidth(activeImage);
+          }
+        }, { once: true });
+      }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Wait for image to load if not already loaded
	if (activeImage.complete) {
	setCarouselWidth(activeImage);
	} else {
	activeImage.addEventListener('load', () => setCarouselWidth(activeImage), { once: true });
	}
	// Wait for image to load if not already loaded
	if (activeImage.complete) {
	setCarouselWidth(activeImage);
	} else {
	const expectedIndex = currentSlide;
	activeImage.addEventListener('load', () => {
	if (expectedIndex === currentSlide) {
	setCarouselWidth(activeImage);
	}
	}, { once: true });
	}

🤖 Prompt for AI Agents

In `@lib/screenshot-carousel.js` around lines 28 - 33, The load handler for images
can update the carousel width even after the user has navigated away; modify the
listener on activeImage so it verifies the image is still the current active
slide before calling setCarouselWidth. Concretely, inside the 'load' callback
registered on activeImage, compare the event.target (or the captured
activeImage) against the current active slide image (e.g., query the carousel
for the currently active image or compare to a stored current reference) and
only call setCarouselWidth(activeImage) if they match; keep the { once: true }
behavior to avoid lingering listeners.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find HTML files that might contain the carousel
git ls-files | grep -E "\.(html|htm)$"

Repository: XCSoar/website

Length of output: 576

---

🏁 Script executed:

# Search for the carousel element in the codebase
rg "screenshot-carousel" -S --max-count=20

Repository: XCSoar/website

Length of output: 458

---

🏁 Script executed:

# Check the full context of the screenshot-carousel.js file
wc -l lib/screenshot-carousel.js

Repository: XCSoar/website

Length of output: 88

---

🏁 Script executed:

# Check the HTML markup for screenshot-carousel in index.html
rg -n "screenshot-carousel" index.html -B5 -A10

Repository: XCSoar/website

Length of output: 885

---

🏁 Script executed:

# Read the full JavaScript file to understand the focusability setup
cat -n lib/screenshot-carousel.js

Repository: XCSoar/website

Length of output: 6564

---

The carousel lacks keyboard focusability — arrow-key navigation will not work. The keydown handler is attached (lines 127–134) but the carousel element itself is not focusable. Without tabindex="0" or equivalent, the div will never receive focus, so keyboard events won't fire. Add focusability in JavaScript to ensure accessibility:

Suggested fix

     // Keyboard navigation
     carousel.addEventListener('keydown', function(e) {
       if (e.key === 'ArrowLeft') {
         prevSlide();
       } else if (e.key === 'ArrowRight') {
         nextSlide();
       }
     });
 
     // Make carousel focusable for keyboard navigation
+    if (!carousel.hasAttribute('tabindex')) {
+      carousel.setAttribute('tabindex', '0');
+    }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	// Keyboard navigation
	carousel.addEventListener('keydown', function(e) {
	if (e.key === 'ArrowLeft') {
	prevSlide();
	} else if (e.key === 'ArrowRight') {
	nextSlide();
	}
	});
	// Make carousel focusable for keyboard navigation
	// Initialize the first slide state on load
	showSlide(0);
	// Keyboard navigation
	carousel.addEventListener('keydown', function(e) {
	if (e.key === 'ArrowLeft') {
	prevSlide();
	} else if (e.key === 'ArrowRight') {
	nextSlide();
	}
	});
	// Make carousel focusable for keyboard navigation
	if (!carousel.hasAttribute('tabindex')) {
	carousel.setAttribute('tabindex', '0');
	}
	// Initialize the first slide state on load
	showSlide(0);

🤖 Prompt for AI Agents

In `@lib/screenshot-carousel.js` around lines 127 - 139, The carousel's keydown
handler won't run because the carousel element isn't focusable; make the element
referenced as carousel focusable (e.g., set carousel.tabIndex = 0 or
carousel.setAttribute('tabindex','0')) before relying on the
addEventListener('keydown') so ArrowLeft/ArrowRight events fire and
prevSlide()/nextSlide() work; also consider adding an accessible label
(aria-label or role) for clarity and keep showSlide(0) initialization as-is.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

# First, let's check if WEBSITE_STRUCTURE.md exists and read the relevant sections
find . -name "WEBSITE_STRUCTURE.md" -type f

Repository: XCSoar/website

Length of output: 80

---

🏁 Script executed:

# Search for jQuery and jquery-lightbox references across the repo
rg "jquery-1\.8\.2|jquery-lightbox|jQuery.*lightbox" -i --no-heading

Repository: XCSoar/website

Length of output: 4159

---

🏁 Script executed:

# Also check for any jQuery references more broadly to understand scope
rg "jQuery|jquery" -i --no-heading -c | head -20

Repository: XCSoar/website

Length of output: 303

---

🏁 Script executed:

# Let's read the WEBSITE_STRUCTURE.md file to see current state at the mentioned lines
head -15 ./WEBSITE_STRUCTURE.md

Repository: XCSoar/website

Length of output: 509

---

🏁 Script executed:

# Check lines 87-92
sed -n '87,92p' ./WEBSITE_STRUCTURE.md

Repository: XCSoar/website

Length of output: 335

---

🏁 Script executed:

# Check line 106
sed -n '106p' ./WEBSITE_STRUCTURE.md

Repository: XCSoar/website

Length of output: 113

---

🏁 Script executed:

# Check lines 271-274
sed -n '271,274p' ./WEBSITE_STRUCTURE.md

Repository: XCSoar/website

Length of output: 250

---

🏁 Script executed:

# Verify if jQuery and jquery-lightbox are actually still in the codebase
ls -la lib/ | grep -E "jquery|lightbox"

Repository: XCSoar/website

Length of output: 258

---

Update WEBSITE_STRUCTURE.md to reflect vanilla JS lightbox instead of jQuery. The documentation still lists jQuery 1.8.2 and jquery-lightbox across multiple sections (lines 7–12, 87–92, 106, 271–274), but the PR introduces a new vanilla ES6+ lightbox implementation. Update these sections to document the new setup and avoid misleading contributors.

🛠️ Example edits

- - **JavaScript**: jQuery 1.8.2, custom scripts
+ - **JavaScript**: Vanilla ES6+ (lightbox/carousel), custom scripts

- │   ├── jquery-1.8.2.min.js # jQuery
- │   └── jquery-lightbox/    # Lightbox plugin
+ │   ├── lightbox.js         # Vanilla lightbox
+ │   └── screenshot-carousel.js # Screenshot carousel

- - **Features**: Screenshot gallery with jQuery lightbox
+ - **Features**: Screenshot gallery with vanilla JS lightbox

- - **JavaScript**: jQuery 1.8.2, custom scripts
- - **Libraries**: Bootstrap, jQuery Lightbox, country flags
+ - **JavaScript**: Vanilla ES6+, custom scripts
+ - **Libraries**: Bootstrap, lightbox, country flags

🤖 Prompt for AI Agents

In `@WEBSITE_STRUCTURE.md` around lines 7 - 12, The doc still lists jQuery 1.8.2
and jquery-lightbox even though the PR added a vanilla ES6+ lightbox; update
WEBSITE_STRUCTURE.md to remove references to jQuery and jquery-lightbox and
document the new setup: replace the "JavaScript: jQuery 1.8.2, custom scripts"
line with "JavaScript: Vanilla ES6+ lightbox, custom scripts" (and note no
jQuery dependency) and similarly change the other sections that mention
jquery-lightbox (lines referenced in the review) to describe the new ES6
module/lightbox implementation and any initialization details or build/import
steps so contributors aren’t misled.