- Archive XSS: wrap get_the_archive_title/description with wp_kses_post()
in ContextBuilder to sanitize Editor-editable term content rendered via |raw
- Comment fields: esc_html() on comment_author, esc_url() on comment_author_url
at data source; template updated to output pre-escaped URL via |raw
- dark-mode.js: whitelist localStorage value against ['dark','light'] to
prevent attribute injection from third-party script tampering
- TwigService: add is_safe=>html to esc_html/esc_attr/esc_url Twig functions
to prevent double-encoding if autoescape is ever enabled
- Add .markdownlint.json (disable MD024 duplicate headings, MD013 line length)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Register sidebar widget area via register_sidebar()
- Render WordPress widgets in Twig sidebar with fallback to built-in content
- Update README.md with accurate feature counts and descriptions
- Update translation files with widget area strings
- Bump version to 1.0.0
Co-Authored-By: Claude <noreply@anthropic.com>
Fix dark mode body colors overridden by WordPress theme.json styles.color,
add broad dark mode rules for plugin form elements, fix footer-columns
template, and add style variation bridge function.
Co-Authored-By: Claude <noreply@anthropic.com>
Full Design Editor compatibility with custom block categories, page templates,
header/footer variations, and navigation styles. Both FSE (admin) and Twig
(frontend) sides kept in sync.
Co-Authored-By: Claude <noreply@anthropic.com>
Replace FSE block markup on the frontend with proper Bootstrap 5 HTML
rendered through Twig templates. The Site Editor remains functional for
admin editing while the public site outputs Bootstrap navbar, cards,
pagination, grid layout, and responsive components.
New PHP classes: TemplateController, ContextBuilder, NavWalker
New Twig templates: 20 files (base, pages, partials, components)
Enhanced TwigService with WordPress functions and globals
Co-Authored-By: Claude <noreply@anthropic.com>
