Native confirm() dialog on path-item delete (Law: native dialogs BANNED)

Area: mobieusLearn (audit p8) · Surface: /admin/learn/paths/{id}/edit · Dimension: law-violations · Severity: major

Native confirm() is banned platform-wide (per memory feedback_no_native_browser_dialogs.md: confirm/alert/prompt break the theme and look like malware). Every other delete affordance in mobieusLearn uses data-confirm or App.modal.confirm(). This single onsubmit=confirm() is an outlier that pops an unstyled OS dialog.

Evidence

platform/templates/learn/admin/paths/edit.php:153-154 — `<form method="post" action="/admin/learn/paths/<?= $pid ?>/items/<?= (int) $it['id'] ?>/delete" style="display:inline; margin:0;" onsubmit="return confirm('Remove this item from the path?');">`. This is the only file in the entire learn area still using a native browser dialog; courses/edit.php explicitly notes in a comment (line 12) that App.modal.confirm() is the right pattern, and 24 other learn templates use data-confirm.

Suggested fix. Replace the inline onsubmit="return confirm(...)" with the data-confirm attribute used by the rest of the learn area (e.g. add data-confirm="Remove this item from the path?" to the submit button and drop the onsubmit handler), matching the pattern in courses/edit.php and the 24 other learn templates.

Filed by the automated tenant-app audit and adversarially evidence-verified. Status: verified. Open — not yet actioned.