railsgoat/app/views/layouts/application.html.erb

<!DOCTYPE html>
<html>
<head>
  <title>RailsGoat</title>
  <%= stylesheet_link_tag    "application", media: "all", "data-turbolinks-track" => true %>
  <%= javascript_include_tag "application", "data-turbolinks-track" => true %>
  <%#= csrf_meta_tags %> <!-- <~ What is this for? I hear it helps w/ JS and Sea-surfing.....whatevz -->

  <!-- VULNERABILITY A03:2025 - Software Supply Chain Failures
       Missing Subresource Integrity (SRI) checks on CDN assets
       If the CDN is compromised, malicious code can be injected without detection

       SECURE: Should include integrity="sha384-..." crossorigin="anonymous"
       See: /tutorials/supply_chain for exploitation details
  -->
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
  <script src="https://cdn.jsdelivr.net/npm/jquery@3.6.0/dist/jquery.min.js"></script>

  <!-- bootstrap css -->
<%
if cookies[:font]
%>
<style>body { font-size:<%= raw cookies[:font] %> !important;}</style>
<%
end
%>

</head>
<body>
  <%= render "layouts/shared/header" %>
  <%= render "layouts/shared/sidebar" %>
<div class="container-fluid">
  <% if current_user %>
    <div class="dashboard-wrapper">
      <%= render "layouts/shared/messages" %>
      <%= yield %>
    </div>
  <% else %>
  <div class="login-wrapper">
    <%= render "layouts/shared/messages" %>
    <%= yield %> 
  </div>  
  <% end %>
</div>
  <%= render "layouts/shared/footer" %>

<script type="text/javascript">

//Dropdown
$('.dropdown-toggle').dropdown();
</script>

</body>
</html>