From a121eb4dacbd8f8a7aea9cdf14d9775f09f1678c Mon Sep 17 00:00:00 2001
From: Gopavasanth <gopavasanth1999@gmail.com>
Date: Sun, 22 Feb 2026 22:02:14 +0530
Subject: [PATCH 1/3] feat: implement Content Security Policy and update
 dependencies in HTML template

---
 app.py              | 14 ++++++++++++++
 templates/home.html |  8 ++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/app.py b/app.py
index 0b3beed..791a6cf 100644
--- a/app.py
+++ b/app.py
@@ -10,6 +10,20 @@
 app = Flask(__name__)
 CORS(app)  # Enable CORS for all routes
 
+CSP_POLICY = (
+    "default-src 'self'; "
+    "script-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
+    "style-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
+    "connect-src 'self' https://api.github.com; "
+    "img-src 'self' data:; "
+    "font-src 'self' https://tools-static.wmflabs.org data:"
+)
+
+@app.after_request
+def set_security_headers(response):
+    response.headers['Content-Security-Policy'] = CSP_POLICY
+    return response
+
 behaviour_switches = ['__NOTOC__', '__FORCETOC__', '__TOC__', '__NOEDITSECTION__', '__NEWSECTIONLINK__', '__NONEWSECTIONLINK__', '__NOGALLERY__', '__HIDDENCAT__', '__EXPECTUNUSEDCATEGORY__', '__NOCONTENTCONVERT__', '__NOCC__', '__NOTITLECONVERT__', '__NOTC__', '__START__', '__END__', '__INDEX__', '__NOINDEX__', '__STATICREDIRECT__', '__EXPECTUNUSEDTEMPLATE__', '__NOGLOBAL__', '__DISAMBIG__', '__EXPECTED_UNCONNECTED_PAGE__', '__ARCHIVEDTALK__', '__NOTALK__', '__EXPECTWITHOUTSCANS__']
 
 # --- Helper Functions for Processing Different Wikitext Elements ---
diff --git a/templates/home.html b/templates/home.html
index ab54321..9cf2d70 100644
--- a/templates/home.html
+++ b/templates/home.html
@@ -6,12 +6,12 @@
     <title>Wikitext to Translatable Wikitext Converter</title>
     <link
       rel="stylesheet"
-      href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.0/css/bootstrap.min.css"
+      href="https://tools-static.wmflabs.org/cdnjs/ajax/libs/bootstrap/5.3.8/css/bootstrap.min.css"
     />
 
     <link
       rel="stylesheet"
-      href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/atom-one-light.min.css"
+      href="https://tools-static.wmflabs.org/cdnjs/ajax/libs/highlight.js/11.11.1/styles/atom-one-light.min.css"
     />
     <style>
       html,
@@ -140,8 +140,8 @@ <h5>Translatable Wikitext Output</h5>
     </div>
 
     <!-- Bootstrap JS and dependencies -->
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.1.0/js/bootstrap.bundle.min.js"></script>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js"></script>
+    <script src="https://tools-static.wmflabs.org/cdnjs/ajax/libs/bootstrap/5.3.8/js/bootstrap.bundle.min.js"></script>
+    <script src="https://tools-static.wmflabs.org/cdnjs/ajax/libs/highlight.js/11.11.1/highlight.min.js"></script>
     <script>
       hljs.highlightAll();
 

From 38fd0fc0faea43218fe7d60d5c2529d0795797b7 Mon Sep 17 00:00:00 2001
From: Gopavasanth <gopavasanth1999@gmail.com>
Date: Mon, 23 Feb 2026 09:31:04 +0530
Subject: [PATCH 2/3] feat: fetch and display last updated date from GitHub API
 in home template

---
 app.py              | 25 +++++++++++++++++++++----
 templates/home.html | 27 +--------------------------
 2 files changed, 22 insertions(+), 30 deletions(-)

diff --git a/app.py b/app.py
index 791a6cf..eea2ea6 100644
--- a/app.py
+++ b/app.py
@@ -3,6 +3,8 @@
 import re
 from enum import Enum
 import sys
+import requests as http_requests
+from datetime import datetime
 
 import mwparserfromhell
 from mwparserfromhell.nodes import Tag
@@ -14,11 +16,26 @@
     "default-src 'self'; "
     "script-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
     "style-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
-    "connect-src 'self' https://api.github.com; "
+    "connect-src 'self'; "
     "img-src 'self' data:; "
     "font-src 'self' https://tools-static.wmflabs.org data:"
 )
 
+def get_last_updated_date():
+    try:
+        resp = http_requests.get(
+            "https://api.github.com/repos/indictechcom/translatable-wikitext-converter/commits",
+            timeout=5,
+        )
+        data = resp.json()
+        if data and isinstance(data, list) and len(data) > 0:
+            raw = data[0]["commit"]["committer"]["date"]
+            dt = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ")
+            return dt.strftime("%B %-d, %Y")
+    except Exception:
+        pass
+    return "Unavailable"
+
 @app.after_request
 def set_security_headers(response):
     response.headers['Content-Security-Policy'] = CSP_POLICY
@@ -947,17 +964,17 @@ def convert_to_translatable_wikitext(wikitext):
 
 @app.route('/')
 def index():
-    return render_template('home.html')
+    return render_template('home.html', last_updated=get_last_updated_date())
 
 @app.route('/convert', methods=['GET'])
 def redirect_to_home():
-    return render_template('home.html')
+    return render_template('home.html', last_updated=get_last_updated_date())
 
 @app.route('/convert', methods=['POST'])
 def convert():
     wikitext = request.form.get('wikitext', '')
     converted_text = convert_to_translatable_wikitext(wikitext)
-    return render_template('home.html', original=wikitext, converted=converted_text)
+    return render_template('home.html', original=wikitext, converted=converted_text, last_updated=get_last_updated_date())
 
 @app.route('/api/convert', methods=['GET', 'POST'])
 def api_convert():
diff --git a/templates/home.html b/templates/home.html
index 9cf2d70..c6af8c8 100644
--- a/templates/home.html
+++ b/templates/home.html
@@ -133,7 +133,7 @@ <h5>Translatable Wikitext Output</h5>
           </p>
           <span class="mx-2">|</span>
           <p class="mb-0">
-            Last updated on: <span id="lastUpdatedDate"></span>
+            Last updated on: {{ last_updated }}
           </p>
         </div>
       </footer>
@@ -169,31 +169,6 @@ <h5>Translatable Wikitext Output</h5>
         );
       }
 
-      // Fetch the last commit date from the GitHub API
-      fetch(
-        "https://api.github.com/repos/indictechcom/translatable-wikitext-converter/commits",
-      )
-        .then((response) => response.json())
-        .then((data) => {
-          if (data && data.length > 0) {
-            const lastCommitDate = new Date(data[0].commit.committer.date);
-            const formattedDate = lastCommitDate.toLocaleDateString("en-US", {
-              year: "numeric",
-              month: "long",
-              day: "numeric",
-            });
-            document.getElementById("lastUpdatedDate").textContent =
-              formattedDate;
-          } else {
-            document.getElementById("lastUpdatedDate").textContent =
-              "Unavailable";
-          }
-        })
-        .catch((error) => {
-          console.error("Error fetching commit data:", error);
-          document.getElementById("lastUpdatedDate").textContent =
-            "Unavailable";
-        });
     </script>
   </body>
 </html>

From d5661979773a446addc4a3c28930c8f812305c56 Mon Sep 17 00:00:00 2001
From: Gopavasanth <gopavasanth1999@gmail.com>
Date: Mon, 23 Feb 2026 09:37:40 +0530
Subject: [PATCH 3/3] fix: update Content Security Policy to allow connections
 to tools-static.wmflabs.org

---
 app.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.py b/app.py
index eea2ea6..3798f2d 100644
--- a/app.py
+++ b/app.py
@@ -16,7 +16,7 @@
     "default-src 'self'; "
     "script-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
     "style-src 'self' 'unsafe-inline' https://tools-static.wmflabs.org; "
-    "connect-src 'self'; "
+    "connect-src 'self' https://tools-static.wmflabs.org; "
     "img-src 'self' data:; "
     "font-src 'self' https://tools-static.wmflabs.org data:"
 )