Comment 3 for bug 1820226

Couldn't this simply work with libjs-bootstrap4? Seems like using bootstrap4 would be a net improvement anyway, especially sicne it then wouldn't be encumbered by the open CVEs.

For me; it's a tentative ACK for the MIR provided the Security Team also ACKs it. I'm not looking for a full code-review -- I did that, nothing jumps out (but yeah, sure, XSS CVEs); but I think we ought to have a formal decision from the security team as to whether they are fine with this as-is; or as I think, that it would be *much* preferable to use twitter-bootstrap4.