Reject-upload flow uses native prompt() for the rejection reason (banned dialog)

Area: Files, photos, gallery, ansi (audit p5) · Surface: /files/{slug}/queue (Files review queue) · Dimension: native-dialogs · Severity: major

Native prompt() is explicitly banned by the Engineering Law (no native confirm/alert/prompt — use App.modal/data-confirm). A native prompt breaks theme, has no styling, looks like malware, and is not mobile-friendly. This is a moderator-facing surface where the reason is captured for a forum log post, so the broken UX lands on staff every time they reject an upload.

Evidence

platform/templates/files/queue.php:69-70 — `<form ... onsubmit="var r=prompt('Reason (optional):'); if(r===null){return false;} this.querySelector('[name=reason]').value=r||''; return true;">`. The site already ships App.modal.prompt (public/js/app.min.js:21 `App.modal.prompt=function(title,message,options,onConfirm,onCancel){...}`) built for exactly this.

Suggested fix. Replace the inline onsubmit prompt with App.modal.prompt('Reject upload','Reason (optional):', {}, reason => { form.reason.value = reason || ''; form.submit(); }). Remove the inline onsubmit handler entirely; wire the Reject button to open the modal.

Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.