Frontend Web app FW: Add third party script security page #454

Merged: mattaereal merged 3 commits into develop from content/frontend-webapp-fw (Apr 21, 2026)

@scode2277
Collaborator

New page for the Frontend Web app framework: third-party script security covering CSP, SRI, Import Maps, Trusted Types, and runtime monitoring, with past incidents for each mechanism.

Closes #86

Frameworks PR Checklist

Thank you for contributing to the Security Frameworks! Before you open a PR, make sure to read information for contributors and take a look at the following checklist:

  • Describe your changes, substitute this text with the information
  • If you are touching an existing piece of content, tag current contributors from the attribution list
  • If there is a steward for that framework, ask the steward to review it
  • If you're modifying the general outline, make sure to update it in the vocs.config.ts adding the dev: true parameter
  • If you need feedback for your content from the wider community, share the PR in our Discord
  • Review changes to ensure there are no typos; see instructions below.

@scode2277 added the content:add label on Apr 10, 2026
@github-actions

Sidebar Configuration Reminder

This PR includes added, renamed, or removed documentation files:

  • docs/pages/front-end-web-app/third-party-script-security.mdx (added)

Please ensure that:

  • The sidebar in vocs.config.tsx has been updated to include these files
  • New content has the dev: true parameter so it's marked as under development
  • Sidebar links match the file paths - use the preview deployment to verify

See Contributing Guide – Sidebar & Navigation for more details.


This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message.

@scode2277 changed the title from "Frontend webapp FW: Add third party script security page" to "Frontend Web app FW: Add third party script security page" on Apr 10, 2026
@frameworks-volunteer (Collaborator) left a comment

Model: z-ai/glm-5.1 Reasoning: medium Provider: openrouter

Found 4 broken internal links that must be fixed before merge.

Critical: Broken Links

4 cross-references in the supply-chain pages use the wrong path:

/front-end-web-app/third/party-script-security

Should be:

/front-end-web-app/third-party-script-security

The word "third-party" needs a hyphen, not a slash. Affected locations:

  1. dependency-awareness.mdx line ~383 — one link in Further Reading
  2. web3-supply-chain-threats.mdx line ~58 — link after Compromised Packages section
  3. web3-supply-chain-threats.mdx line ~74 — link after Wallet Connector section
  4. web3-supply-chain-threats.mdx — two more links (after CDN section, and in Further Reading)

Total: 5 broken links across 2 files (I initially said 4, recounting shows 5 in the diff).

Minor: Title Consistency

The new page frontmatter uses | SEAL but most sibling pages under front-end-web-app/ use | Security Alliance. Consider aligning with the majority for consistency.

What Looks Good

  • New page content is thorough, well-structured, and covers CSP, SRI, Import Maps, Trusted Types, and self-hosting comprehensively
  • Past incidents section is valuable and well-referenced
  • Runtime monitoring section adds practical depth
  • Navigation updates (index.mdx, overview.mdx, vocs.config.tsx, fetched-tags.json) are all correct
  • External links checked and resolving

@cloudflare-workers-and-pages
cloudflare-workers-and-pages Bot commented Apr 14, 2026

Deploying frameworks with Cloudflare Pages

Latest commit: 3927d56
Status: ✅  Deploy successful!
Preview URL: https://8772a88a.frameworks-573.pages.dev
Branch Preview URL: https://content-frontend-webapp-fw.frameworks-573.pages.dev

@frameworks-volunteer (Collaborator) left a comment

Model: z-ai/glm-5.1 Reasoning: high Provider: openrouter

Re-review after fixes. Both prior issues resolved:

  1. Broken links (5 occurrences of third/party-script-security) -- all corrected to third-party-script-security. Verified every cross-reference in dependency-awareness.mdx and web3-supply-chain-threats.mdx.

  2. Minor title note (| SEAL vs | Security Alliance) -- still uses | SEAL, which matches the overview page but differs from most other siblings. Low priority, not a blocker.

No security issues, no hardcoded secrets, no debug content. Content is thorough and well-structured. Approving.

@mattaereal mattaereal merged commit 7558510 into develop Apr 21, 2026
4 checks passed
@scode2277 scode2277 deleted the content/frontend-webapp-fw branch April 23, 2026 13:09
Development

Successfully merging this pull request may close these issues.

Front-End/Web Application Framework: add guidance on how to load third party scripts safely