security: OWASP audit and hardening (v1.0.8) · 89afa00678 - wp-bootstrap

security: OWASP audit and hardening (v1.0.8)

All checks were successful

Create Release Package / PHP Lint (push) Successful in 1m8s

Details

Create Release Package / Build Release (push) Successful in 1m53s

Details

- Archive XSS: wrap get_the_archive_title/description with wp_kses_post()
  in ContextBuilder to sanitize Editor-editable term content rendered via |raw
- Comment fields: esc_html() on comment_author, esc_url() on comment_author_url
  at data source; template updated to output pre-escaped URL via |raw
- dark-mode.js: whitelist localStorage value against ['dark','light'] to
  prevent attribute injection from third-party script tampering
- TwigService: add is_safe=>html to esc_html/esc_attr/esc_url Twig functions
  to prevent double-encoding if autoescape is ever enabled
- Add .markdownlint.json (disable MD024 duplicate headings, MD013 line length)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

This commit is contained in:

Marco Grätsch

2026-02-19 13:23:33 +01:00

parent 876be4a041

commit 89afa00678

9 changed files with 78 additions and 12 deletions

									
										4

.markdownlint.json
									
										Normal file
									
												View File
												
				@@ -0,0 +1,4 @@

				{

				  "MD024": false,

				  "MD013": false

				}

security: OWASP audit and hardening (v1.0.8) All checks were successful Create Release Package / PHP Lint (push) Successful in 1m8s Details Create Release Package / Build Release (push) Successful in 1m53s Details

4 .markdownlint.json Normal file Unescape Escape View File

security: OWASP audit and hardening (v1.0.8)

All checks were successful

Create Release Package / PHP Lint (push) Successful in 1m8s

Details

Create Release Package / Build Release (push) Successful in 1m53s

Details

4

.markdownlint.json Normal file

View File