Area: Files, photos, gallery, ansi (audit p5) · Surface: /photos/tags/pending (pending tag review) · Dimension: native-dialogs · Severity: major
The tag-rejection confirmation and both error notices use native confirm()/alert(), which the Engineering Law bans. This is a user-facing moderation queue; the broken native dialogs undercut the otherwise-polished card UI on the same page.
Evidence
platform/templates/photos/pending-tags.php:
- :118 `if (!confirm("Reject this tag? It'll be removed from the photo.")) return;`
- :115 `else alert('Could not confirm: ' + (d.error || 'unknown'));`
- :121 `else alert('Could not reject: ' + (d.error || 'unknown'));`

The page already carries $scriptNonce and runs in a context where App.modal/App.toast are loaded.
Suggested fix. Use `App.modal.confirm('Reject tag', "Reject this tag? It'll be removed from the photo.", () => post(...))`. Replace the two alert() calls with `App.toast('Could not confirm: '+err, 'error')` / `App.toast('Could not reject: '+err, 'error')`.
Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.
Patrick Bass
@mobieus