{#
    Shared Alpine.js loader partial.
    Loads the regular Alpine build in both strict and legacy CSP modes.
    The @alpinejs/csp build was evaluated early on but its
    expression parser is limited to plain property chains (no operators,
    no literals, no method call args) — too restrictive for this UI.
    Instead, strict mode ships 'unsafe-eval' in script-src (required for
    Alpine's Function() constructor) while keeping all other hardening
    (no 'unsafe-inline', nonce-gated scripts, frame-ancestors 'none').
    'unsafe-eval' does not allow DOM-injected script execution, so the
    XSS surface remains dramatically smaller than the legacy policy.
#}
<script defer src="https://cdn.jsdelivr.net/npm/alpinejs@3.14.9/dist/cdn.min.js"></script>