You've already forked wp-bootstrap
magdev
89afa00678
- Archive XSS: wrap get_the_archive_title/description with wp_kses_post() in ContextBuilder to sanitize Editor-editable term content rendered via |raw - Comment fields: esc_html() on comment_author, esc_url() on comment_author_url at data source; template updated to output pre-escaped URL via |raw - dark-mode.js: whitelist localStorage value against ['dark','light'] to prevent attribute injection from third-party script tampering - TwigService: add is_safe=>html to esc_html/esc_attr/esc_url Twig functions to prevent double-encoding if autoescape is ever enabled - Add .markdownlint.json (disable MD024 duplicate headings, MD013 line length) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>