From 397bb3bd08eba477f5f85b17fb5ca803ceb52b01 Mon Sep 17 00:00:00 2001
From: MaryWylde <marykhachatryan13@gmail.com>
Date: Tue, 12 May 2026 17:43:41 +0400
Subject: [PATCH] chore(security): sanitize CMS HTML, add security headers,
 refine auth UI

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 next.config.js                                |  59 ++++
 package.json                                  |   2 +
 src/api/auth.ts                               |  49 +++
 .../AboutProjects/AboutProjects.tsx           |   8 +-
 src/components/ArticleInfo/ArticleInfo.tsx    |   6 +-
 .../ContentParser/ContentParser.tsx           |   3 +-
 src/components/Header/Header.tsx              |   6 +-
 src/components/Headline/Headline.tsx          |  14 +-
 src/components/SeoGenerator/SeoGenerator.tsx  |   7 +-
 .../SettingsModal/SettingsModal.module.scss   |  61 ++++
 .../SettingsModal/SettingsModal.tsx           | 193 +++++++++--
 .../SupporterContainer/SupporterContainer.tsx |   6 +-
 .../ToolContainer/ToolContainer.tsx           |   4 +-
 .../PyramidAuthors/PyramidAuthors.tsx         |   4 +-
 .../PyramidInfoSection/PyramidInfoSection.tsx |  10 +-
 .../EnvironmentSubSection.tsx                 |   4 +-
 .../longevity/FlipCard/FlipCard.tsx           |   6 +-
 .../longevity/HTMLClamp/HTMLClamp.tsx         |   4 +-
 .../LongevitySubSection.tsx                   |   4 +-
 .../MainInfoSection/MainInfoSection.tsx       |   4 +-
 .../longevity/StudySection/StudySection.tsx   |   6 +-
 .../longevity/Supplement/Supplement.tsx       |   4 +-
 .../AboutTheProduct/AboutTheProduct.tsx       |   4 +-
 .../WhatToEatOrAvoid/WhatToEatOrAvoid.tsx     |   4 +-
 .../WhyDoThisTooltip/WhyDoThisTooltip.tsx     |   4 +-
 src/data/auth/en.ts                           |  44 +++
 src/data/auth/ru.ts                           |  44 +++
 .../ContributorsLayout/ContributorsLayout.tsx |   6 +-
 src/layouts/ResultsLayout/ResultsLayout.tsx   |   6 +-
 src/layouts/WorkoutLayout/WorkoutLayout.tsx   |   8 +-
 src/lib/sanitizeHtml.ts                       |   9 +
 src/lib/settings-helpers.ts                   |  10 +
 src/pages/auth/email-change.tsx               | 173 ++++++++++
 yarn.lock                                     | 310 +++++++++++++++++-
 34 files changed, 1013 insertions(+), 73 deletions(-)
 create mode 100644 src/lib/sanitizeHtml.ts
 create mode 100644 src/pages/auth/email-change.tsx

diff --git a/next.config.js b/next.config.js
index a537c441..6243bfca 100644
--- a/next.config.js
+++ b/next.config.js
@@ -23,6 +23,65 @@ module.exports = withBundleAnalyzer({
       { source: '/robots.txt', destination: '/keepsimple_/robots.txt' },
     ];
   },
+  async headers() {
+    const isDev = process.env.NODE_ENV !== 'production';
+    const scriptSrc = [
+      "'self'",
+      "'unsafe-inline'",
+      // Next.js dev mode (Fast Refresh) requires eval.
+      isDev ? "'unsafe-eval'" : '',
+      'https://analytics.ahrefs.com',
+      'https://www.googletagmanager.com',
+      'https://www.google-analytics.com',
+      'https://cdn.mxpnl.com',
+    ]
+      .filter(Boolean)
+      .join(' ');
+    const connectSrc = [
+      "'self'",
+      // Next.js dev HMR uses ws:// to localhost.
+      isDev ? 'ws:' : '',
+      'https://*.keepsimple.io',
+      'https://metrics.administration.ae',
+      'https://api.mixpanel.com',
+      'https://www.google-analytics.com',
+    ]
+      .filter(Boolean)
+      .join(' ');
+
+    return [
+      {
+        source: '/:path*',
+        headers: [
+          {
+            key: 'Strict-Transport-Security',
+            value: 'max-age=63072000; includeSubDomains; preload',
+          },
+          { key: 'X-Content-Type-Options', value: 'nosniff' },
+          { key: 'Referrer-Policy', value: 'strict-origin-when-cross-origin' },
+          { key: 'X-Frame-Options', value: 'DENY' },
+          {
+            key: 'Permissions-Policy',
+            value: 'camera=(), microphone=(), geolocation=()',
+          },
+          {
+            key: 'Content-Security-Policy',
+            value: [
+              "default-src 'self'",
+              `script-src ${scriptSrc}`,
+              "style-src 'self' 'unsafe-inline'",
+              "img-src 'self' data: blob: https://lh3.googleusercontent.com https://cdn.discordapp.com https://strapi.keepsimple.io https://staging-strapi.keepsimple.io https://www.google-analytics.com",
+              "font-src 'self' data:",
+              `connect-src ${connectSrc}`,
+              "frame-ancestors 'none'",
+              "base-uri 'self'",
+              "form-action 'self'",
+            ].join('; '),
+          },
+        ],
+      },
+    ];
+  },
   env: {
     NEXTAUTH_URL: process.env.NEXTAUTH_URL,
   },
diff --git a/package.json b/package.json
index dcf50f54..16b5b140 100644
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
     "eslint-plugin-simple-import-sort": "^12.1.1",
     "geoip-lite": "1.4.2",
     "html2canvas": "^1.4.1",
+    "isomorphic-dompurify": "^3.12.0",
     "lodash.debounce": "4.0.8",
     "lodash.unescape": "4.0.1",
     "mixpanel-browser": "^2.65.0",
@@ -53,6 +54,7 @@
     "react-slick": "0.29.0",
     "react-tooltip": "5.27.1",
     "rehype-raw": "6.1.1",
+    "rehype-sanitize": "^6.0.0",
     "remark-breaks": "3.0.2",
     "sass": "1.32.8",
     "slick-carousel": "1.8.1",
diff --git a/src/api/auth.ts b/src/api/auth.ts
index b257248f..619a23e7 100644
--- a/src/api/auth.ts
+++ b/src/api/auth.ts
@@ -179,3 +179,52 @@ export const completeMagicLinkRegistration = async ({
     return { ok: false, code: 'NETWORK_ERROR', status: 0, message: e?.message };
   }
 };
+
+const twitterEmailChangeUrl = (path: string) =>
+  `${process.env.NEXT_PUBLIC_STRAPI}/api/auth/twitter/email-change/${path}`;
+
+export const requestTwitterEmailChange = async ({
+  email,
+  locale,
+  token,
+}: {
+  email: string;
+  locale: MagicLinkLocale;
+  token: string;
+}): Promise<MagicLinkResult<null>> => {
+  try {
+    const response = await fetch(twitterEmailChangeUrl('request'), {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${token}`,
+      },
+      body: JSON.stringify({ email, locale }),
+    });
+    if (!response.ok) {
+      return { ok: false, ...(await parseError(response)) };
+    }
+    return { ok: true, data: null };
+  } catch (e: any) {
+    return { ok: false, code: 'NETWORK_ERROR', status: 0, message: e?.message };
+  }
+};
+
+export const confirmTwitterEmailChange = async (
+  token: string,
+): Promise<MagicLinkResult<{ email: string }>> => {
+  try {
+    const response = await fetch(twitterEmailChangeUrl('confirm'), {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ token }),
+    });
+    if (!response.ok) {
+      return { ok: false, ...(await parseError(response)) };
+    }
+    const data = await response.json();
+    return { ok: true, data };
+  } catch (e: any) {
+    return { ok: false, code: 'NETWORK_ERROR', status: 0, message: e?.message };
+  }
+};
diff --git a/src/components/AboutProjects/AboutProjects.tsx b/src/components/AboutProjects/AboutProjects.tsx
index 2f1c8bb8..bd4e2641 100644
--- a/src/components/AboutProjects/AboutProjects.tsx
+++ b/src/components/AboutProjects/AboutProjects.tsx
@@ -2,6 +2,8 @@ import cn from 'classnames';
 import { FC } from 'react';
 import { useInView } from 'react-intersection-observer';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import styles from './AboutProjects.module.scss';
 
 type projectsProps = {
@@ -35,7 +37,11 @@ const AboutProjects: FC<AboutProjectsProps> = ({ projects, darkTheme }) => {
           })}
         >
           <h3 className={styles.name}>{project.project_name}</h3>
-          <div dangerouslySetInnerHTML={{ __html: project.description }} />
+          <div
+            dangerouslySetInnerHTML={{
+              __html: sanitizeHtml(project.description),
+            }}
+          />
         </div>
       ))}
     </section>
diff --git a/src/components/ArticleInfo/ArticleInfo.tsx b/src/components/ArticleInfo/ArticleInfo.tsx
index 1bc68da0..1e06f7f2 100644
--- a/src/components/ArticleInfo/ArticleInfo.tsx
+++ b/src/components/ArticleInfo/ArticleInfo.tsx
@@ -8,6 +8,8 @@ import { Tooltip as ReactTooltip } from 'react-tooltip';
 
 import { useIsWidthLessThan } from '@hooks/useScreenSize';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import ArticleTag from '@components/articles/ArticleTag';
 import { GlobalContext } from '@components/Context/GlobalContext';
 
@@ -133,7 +135,7 @@ const ArticleInfo: FC<ArticleInfoProps> = ({
           <div
             // @ts-ignore
             style={{ '--desc-lines': descLineCount }}
-            dangerouslySetInnerHTML={{ __html: description }}
+            dangerouslySetInnerHTML={{ __html: sanitizeHtml(description) }}
             className={styles.p}
             data-tooltip-id={description}
           />
@@ -147,7 +149,7 @@ const ArticleInfo: FC<ArticleInfoProps> = ({
               })}
             >
               <span
-                dangerouslySetInnerHTML={{ __html: description }}
+                dangerouslySetInnerHTML={{ __html: sanitizeHtml(description) }}
                 className={styles.p}
               />
             </ReactTooltip>
diff --git a/src/components/ContentParser/ContentParser.tsx b/src/components/ContentParser/ContentParser.tsx
index 643fa751..e3d1bca3 100644
--- a/src/components/ContentParser/ContentParser.tsx
+++ b/src/components/ContentParser/ContentParser.tsx
@@ -2,6 +2,7 @@ import unescape from 'lodash.unescape';
 import { FC, useMemo } from 'react';
 import ReactMarkdown from 'react-markdown';
 import rehypeRaw from 'rehype-raw';
+import rehypeSanitize from 'rehype-sanitize';
 import remarkBreaks from 'remark-breaks';
 
 import useContentType from '@hooks/useContentType';
@@ -31,7 +32,7 @@ const ContentParser: FC<ContentParserProps> = ({
         className={styles.content}
         components={componentList}
         remarkPlugins={[[remarkBreaks]]}
-        rehypePlugins={[rehypeRaw]}
+        rehypePlugins={[rehypeRaw, rehypeSanitize]}
       >
         {modifiedData}
       </ReactMarkdown>
diff --git a/src/components/Header/Header.tsx b/src/components/Header/Header.tsx
index 02a699a6..7d9ac8ae 100644
--- a/src/components/Header/Header.tsx
+++ b/src/components/Header/Header.tsx
@@ -76,7 +76,6 @@ const Header: FC = () => {
     isEmailPublic: string,
     isLinkedinPublic: string,
     title?: string,
-    email?: string,
   ) => {
     const mailIsPublic = isEmailPublic === 'everyone';
     const linkedInIsPublic = isLinkedinPublic === 'everyone';
@@ -88,10 +87,6 @@ const Header: FC = () => {
         mailIsPublic,
         linkedInIsPublic,
         title,
-        undefined,
-        undefined,
-        undefined,
-        email,
       );
 
       const data = await getMyInfo();
@@ -269,6 +264,7 @@ const Header: FC = () => {
           linkedin={accountData?.linkedIn}
           linkedinStatus={accountData?.publicLinkedin}
           provider={accountData?.provider}
+          token={token}
           handleSaveClick={handleSaveClick}
           setUsernameIsTakenError={setUsernameIsTakenError}
           usernameIsTakenError={usernameIsTakenError}
diff --git a/src/components/Headline/Headline.tsx b/src/components/Headline/Headline.tsx
index d7fea65a..5222b59b 100644
--- a/src/components/Headline/Headline.tsx
+++ b/src/components/Headline/Headline.tsx
@@ -15,6 +15,8 @@ import { socialMediaLinks } from '@constants/common';
 
 import { TRouter } from '@local-types/global';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import contributors from '@data/contributors';
 
 import AudioPlayer from '@components/AudioPlayer';
@@ -264,7 +266,9 @@ const Headline: FC<HeadlineProps> = ({ headline, darkTheme, russianView }) => {
                   [styles.fadeOut]: fadeOutIndexes.includes(1),
                   [styles.fadeIn]: fadeInIndexes.includes(1),
                 })}
-                dangerouslySetInnerHTML={{ __html: highlightedText }}
+                dangerouslySetInnerHTML={{
+                  __html: sanitizeHtml(highlightedText),
+                }}
               ></p>
             )}
             {title && secondDescription && (
@@ -277,7 +281,9 @@ const Headline: FC<HeadlineProps> = ({ headline, darkTheme, russianView }) => {
                   [styles.fadeIn]:
                     fadeInIndexes.includes(2) && !fadeOutIndexes.includes(2),
                 })}
-                dangerouslySetInnerHTML={{ __html: secondDescription }}
+                dangerouslySetInnerHTML={{
+                  __html: sanitizeHtml(secondDescription),
+                }}
               ></p>
             )}
             {title && lastDescription && (
@@ -290,7 +296,9 @@ const Headline: FC<HeadlineProps> = ({ headline, darkTheme, russianView }) => {
                     fadeOutIndexes.includes(3) && !fadeInIndexes.includes(3),
                   [styles.fadeIn]: fadeInIndexes.includes(3),
                 })}
-                dangerouslySetInnerHTML={{ __html: lastDescription }}
+                dangerouslySetInnerHTML={{
+                  __html: sanitizeHtml(lastDescription),
+                }}
               ></p>
             )}
           </div>
diff --git a/src/components/SeoGenerator/SeoGenerator.tsx b/src/components/SeoGenerator/SeoGenerator.tsx
index e66f745e..f7563830 100644
--- a/src/components/SeoGenerator/SeoGenerator.tsx
+++ b/src/components/SeoGenerator/SeoGenerator.tsx
@@ -294,7 +294,12 @@ const SeoGenerator: FC<SeoGeneratorProps> = ({
         <meta name="twitter:data1" content="Wolf Alexanyan" />
         <script
           type="application/ld+json"
-          dangerouslySetInnerHTML={{ __html: JSON.stringify(schema) }}
+          dangerouslySetInnerHTML={{
+            __html: JSON.stringify(schema)
+              .replace(/</g, '\\u003c')
+              .replace(/>/g, '\\u003e')
+              .replace(/&/g, '\\u0026'),
+          }}
         />
       </Head>
       <Script
diff --git a/src/components/SettingsModal/SettingsModal.module.scss b/src/components/SettingsModal/SettingsModal.module.scss
index 79929732..1093f01e 100644
--- a/src/components/SettingsModal/SettingsModal.module.scss
+++ b/src/components/SettingsModal/SettingsModal.module.scss
@@ -83,6 +83,48 @@
   padding: 24px 28px 16px 28px !important;
 }
 
+.emailChangeDescription {
+  font-family: 'Source Serif 4', 'Source-Serif-Regular', serif;
+  font-size: 13px;
+  line-height: 1.5;
+  color: #5c5650;
+  margin: 0;
+}
+
+.emailChangeSent {
+  font-family: 'Source Serif 4', 'Source-Serif-Regular', serif;
+  font-size: 13px;
+  line-height: 1.5;
+  color: #1c1c1a;
+  margin: 0;
+}
+
+.sendConfirmationBtn {
+  background-color: #242424 !important;
+  border: 1px solid #242424 !important;
+  border-radius: 0 !important;
+  color: #fff !important;
+  font-family: 'Source Serif 4', 'Source-Serif-Regular', serif;
+  font-size: 14px !important;
+  line-height: 1.4;
+  height: 36px !important;
+  padding: 6px 16px !important;
+  align-self: flex-start;
+  transition:
+    background-color 0.15s ease,
+    opacity 0.15s ease;
+
+  &:hover {
+    background-color: #111 !important;
+    border-color: #111 !important;
+  }
+
+  &:disabled {
+    opacity: 0.6;
+    cursor: not-allowed;
+  }
+}
+
 .ModalWrapper {
   max-width: 480px !important;
   width: 480px !important;
@@ -115,6 +157,25 @@
     color: #fff;
   }
 
+  .emailChangeDescription {
+    color: rgba(255, 255, 255, 0.7);
+  }
+
+  .emailChangeSent {
+    color: #fff;
+  }
+
+  .sendConfirmationBtn {
+    background-color: #fff !important;
+    border-color: #fff !important;
+    color: rgba(0, 0, 0, 0.85) !important;
+
+    &:hover {
+      background-color: #e8e8e8 !important;
+      border-color: #e8e8e8 !important;
+    }
+  }
+
   .CancelBtn {
     border-color: #fff !important;
     color: #fff !important;
diff --git a/src/components/SettingsModal/SettingsModal.tsx b/src/components/SettingsModal/SettingsModal.tsx
index a56c0704..ff145bfe 100644
--- a/src/components/SettingsModal/SettingsModal.tsx
+++ b/src/components/SettingsModal/SettingsModal.tsx
@@ -5,11 +5,15 @@ import { FC, useCallback, useState } from 'react';
 import { TRouter } from '@local-types/global';
 
 import {
+  isTwitterPlaceholderEmail,
   isValidEmail,
   linkedInRegex,
   usernameRegex,
 } from '@lib/settings-helpers';
 
+import { requestTwitterEmailChange } from '@api/auth';
+
+import authData from '@data/auth';
 import settingsData from '@data/settings';
 
 import Button from '@components/Button';
@@ -20,6 +24,12 @@ import Textarea from '@components/Textarea';
 
 import styles from './SettingsModal.module.scss';
 
+type EmailChangeStatus =
+  | { kind: 'idle' }
+  | { kind: 'submitting' }
+  | { kind: 'sent'; email: string }
+  | { kind: 'error'; message: string };
+
 type SettingsModalProps = {
   setOpenSettings: (openSettings: boolean) => void;
   currentUsername: string;
@@ -31,6 +41,7 @@ type SettingsModalProps = {
   changeTitlePermission?: boolean;
   usernameIsTakenError?: string;
   provider?: string;
+  token?: string | null;
   setUsernameIsTakenError: (usernameIsTakenError: string) => void;
   setChangedTitle: (selected: boolean) => void;
   handleSaveClick: (
@@ -39,7 +50,6 @@ type SettingsModalProps = {
     isEmailPublic: string,
     isLinkedinPublic: string,
     title?: string,
-    email?: string,
   ) => void;
 };
 
@@ -57,12 +67,14 @@ const SettingsModal: FC<SettingsModalProps> = ({
   changeTitlePermission,
   setChangedTitle,
   provider,
+  token,
 }) => {
   const router = useRouter();
   const { locale } = router as TRouter;
   const currentLocale = locale === 'ru' ? 'ru' : 'en';
-  const isTwitterUser = provider === 'twitter';
-  const initialEmail = isValidEmail(currentEmail) ? currentEmail : '';
+  const showEmailChange =
+    provider === 'twitter' && isTwitterPlaceholderEmail(currentEmail);
+  const emailChangeCopy = authData[currentLocale].emailChange.settings;
   const [isEmailPublic, setIsEmailPublic] = useState(
     !!mailStatus ? 'everyone' : 'onlyMe',
   );
@@ -71,12 +83,15 @@ const SettingsModal: FC<SettingsModalProps> = ({
   );
   const [username, setUsername] = useState(currentUsername);
   const [linkedInUrl, setLinkedInUrl] = useState(linkedin);
-  const [emailValue, setEmailValue] = useState(initialEmail);
+  const [emailValue, setEmailValue] = useState('');
+  const [emailFieldValid, setEmailFieldValid] = useState(true);
+  const [emailChangeStatus, setEmailChangeStatus] = useState<EmailChangeStatus>(
+    { kind: 'idle' },
+  );
   const [selectedTitle] = useState(defaultSelectedTitle);
   const [isValid, setIsValid] = useState({
     username: true,
     linkedin: true,
-    email: true,
   });
 
   const {
@@ -91,7 +106,6 @@ const SettingsModal: FC<SettingsModalProps> = ({
     cancelBtn,
     usernameValidationMessage,
     invalidLinkedIn,
-    invalidEmail,
     emailPlaceholder,
   } = settingsData[currentLocale];
 
@@ -112,29 +126,91 @@ const SettingsModal: FC<SettingsModalProps> = ({
   };
 
   const handleValidation = useCallback(
-    (value: boolean, type: 'username' | 'linkedin' | 'email') => {
+    (value: boolean, type: 'username' | 'linkedin') => {
       setIsValid(prevIsValid => ({
         ...prevIsValid,
         [type]: value,
       }));
     },
-    [isValid],
+    [],
   );
 
   const handleSave = () => {
-    if (isValid.username && isValid.linkedin && isValid.email) {
+    if (isValid.username && isValid.linkedin) {
       handleSaveClick(
         username,
         linkedInUrl,
         isEmailPublic,
         isLinkedinPublic,
         changeTitlePermission ? selectedTitle : undefined,
-        isTwitterUser && emailValue !== initialEmail ? emailValue : undefined,
       );
     }
     setChangedTitle && setChangedTitle(true);
   };
 
+  const handleSendConfirmation = async () => {
+    const trimmed = emailValue.trim();
+    if (!isValidEmail(trimmed)) {
+      setEmailFieldValid(false);
+      setEmailChangeStatus({
+        kind: 'error',
+        message: emailChangeCopy.invalidEmail,
+      });
+      return;
+    }
+    if (!token) {
+      setEmailChangeStatus({
+        kind: 'error',
+        message: emailChangeCopy.generic,
+      });
+      return;
+    }
+    setEmailChangeStatus({ kind: 'submitting' });
+    const result = await requestTwitterEmailChange({
+      email: trimmed,
+      locale: currentLocale,
+      token,
+    });
+    if (result.ok) {
+      setEmailChangeStatus({ kind: 'sent', email: trimmed });
+      return;
+    }
+    if ('code' in result) {
+      if (result.code === 'INVALID_EMAIL') {
+        setEmailChangeStatus({
+          kind: 'error',
+          message: emailChangeCopy.invalidEmail,
+        });
+        return;
+      }
+      if (result.code === 'EMAIL_ALREADY_REGISTERED' || result.status === 409) {
+        setEmailChangeStatus({
+          kind: 'error',
+          message: emailChangeCopy.emailAlreadyRegistered,
+        });
+        return;
+      }
+      if (result.code === 'LIMIT_REACHED' || result.status === 429) {
+        setEmailChangeStatus({
+          kind: 'error',
+          message: emailChangeCopy.limitReached,
+        });
+        return;
+      }
+      if (result.code === 'EMAIL_CHANGE_NOT_ALLOWED' || result.status === 403) {
+        setEmailChangeStatus({
+          kind: 'error',
+          message: emailChangeCopy.notAllowed,
+        });
+        return;
+      }
+    }
+    setEmailChangeStatus({
+      kind: 'error',
+      message: emailChangeCopy.generic,
+    });
+  };
+
   return (
     <Modal
       title={title}
@@ -167,34 +243,84 @@ const SettingsModal: FC<SettingsModalProps> = ({
             }
           />
         </div>
-        <div className={styles.FieldGroupWithVisibility}>
+        {showEmailChange ? (
           <div className={styles.FieldGroup}>
             <span className={styles.Label}>{email}</span>
-            {isTwitterUser ? (
-              <Input
-                value={initialEmail}
-                placeholder={emailPlaceholder}
-                onChange={value => setEmailValue(value)}
-                validationFunction={isValidEmail}
-                isValidCallback={v => handleValidation(v, 'email')}
-                showMessage={!isValid.email}
-                errorMessage={invalidEmail}
-              />
+            <p
+              className={styles.emailChangeDescription}
+              data-cy="twitter-email-change-description"
+            >
+              {emailChangeCopy.description}
+            </p>
+            {emailChangeStatus.kind === 'sent' ? (
+              <p
+                className={styles.emailChangeSent}
+                role="status"
+                data-cy="twitter-email-change-sent"
+              >
+                {emailChangeCopy.sent.replace(
+                  '{email}',
+                  emailChangeStatus.email,
+                )}
+              </p>
             ) : (
+              <>
+                <Input
+                  value={emailValue}
+                  placeholder={emailPlaceholder}
+                  onChange={value => {
+                    setEmailValue(value);
+                    if (!emailFieldValid) setEmailFieldValid(true);
+                    if (emailChangeStatus.kind === 'error') {
+                      setEmailChangeStatus({ kind: 'idle' });
+                    }
+                  }}
+                  validationFunction={isValidEmail}
+                  isValidCallback={setEmailFieldValid}
+                  showMessage={
+                    !emailFieldValid || emailChangeStatus.kind === 'error'
+                  }
+                  errorMessage={
+                    emailChangeStatus.kind === 'error'
+                      ? emailChangeStatus.message
+                      : emailChangeCopy.invalidEmail
+                  }
+                />
+                <Button
+                  label={
+                    emailChangeStatus.kind === 'submitting'
+                      ? emailChangeCopy.submitting
+                      : emailChangeCopy.submit
+                  }
+                  onClick={handleSendConfirmation}
+                  variant="black"
+                  className={styles.sendConfirmationBtn}
+                  disabled={
+                    emailChangeStatus.kind === 'submitting' ||
+                    !emailValue.trim()
+                  }
+                />
+              </>
+            )}
+          </div>
+        ) : (
+          <div className={styles.FieldGroupWithVisibility}>
+            <div className={styles.FieldGroup}>
+              <span className={styles.Label}>{email}</span>
               <Input
                 disabled
                 placeholder={isValidEmail(currentEmail) ? currentEmail : ''}
               />
-            )}
+            </div>
+            <Checkbox
+              visibleTxt={visible}
+              everyone={everyone}
+              onlyYou={onlyYou}
+              setRadioValue={setIsEmailPublic}
+              radioValue={isEmailPublic}
+            />
           </div>
-          <Checkbox
-            visibleTxt={visible}
-            everyone={everyone}
-            onlyYou={onlyYou}
-            setRadioValue={setIsEmailPublic}
-            radioValue={isEmailPublic}
-          />
-        </div>
+        )}
         <div className={styles.FieldGroupWithVisibility}>
           <div className={styles.FieldGroup}>
             <span className={styles.Label}>{linkedIn}</span>
@@ -231,12 +357,7 @@ const SettingsModal: FC<SettingsModalProps> = ({
           }}
           variant="black"
           className={styles.SaveBtn}
-          disabled={
-            !isValid.username ||
-            !isValid.linkedin ||
-            !isValid.email ||
-            !username
-          }
+          disabled={!isValid.username || !isValid.linkedin || !username}
         />
       </div>
     </Modal>
diff --git a/src/components/SupporterContainer/SupporterContainer.tsx b/src/components/SupporterContainer/SupporterContainer.tsx
index 05041885..b3a09c17 100644
--- a/src/components/SupporterContainer/SupporterContainer.tsx
+++ b/src/components/SupporterContainer/SupporterContainer.tsx
@@ -2,6 +2,8 @@ import cn from 'classnames';
 import Image from 'next/image';
 import { FC } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import styles from './SupporterContainer.module.scss';
 
 type SupporterContainerProps = {
@@ -38,7 +40,7 @@ const SupporterContainer: FC<SupporterContainerProps> = ({
           <span className={styles.quoteMark}>“</span>
           <div
             className={styles.quote}
-            dangerouslySetInnerHTML={{ __html: quote }}
+            dangerouslySetInnerHTML={{ __html: sanitizeHtml(quote) }}
           />
         </div>
         <div className={styles.supporterInfo}>
@@ -52,7 +54,7 @@ const SupporterContainer: FC<SupporterContainerProps> = ({
           <h4 className={styles.name}>{name} </h4>
           <div
             className={styles.about}
-            dangerouslySetInnerHTML={{ __html: about }}
+            dangerouslySetInnerHTML={{ __html: sanitizeHtml(about) }}
           />
         </div>
       </div>
diff --git a/src/components/ToolContainer/ToolContainer.tsx b/src/components/ToolContainer/ToolContainer.tsx
index e6e996a0..ea0ccf94 100644
--- a/src/components/ToolContainer/ToolContainer.tsx
+++ b/src/components/ToolContainer/ToolContainer.tsx
@@ -3,6 +3,8 @@ import { useRouter } from 'next/router';
 import { FC, useContext } from 'react';
 import { flushSync } from 'react-dom';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import { GlobalContext } from '@components/Context/GlobalContext';
 
 import { handleMixpanelClick } from '../../../lib/mixpanel';
@@ -112,7 +114,7 @@ const ToolContainer: FC<ToolContainerProps> = ({
           <h4 className={styles.name}>{name}</h4>
           <div
             className={styles.quote}
-            dangerouslySetInnerHTML={{ __html: description }}
+            dangerouslySetInnerHTML={{ __html: sanitizeHtml(description) }}
           />
         </div>
       </div>
diff --git a/src/components/_company-management/PyramidAuthors/PyramidAuthors.tsx b/src/components/_company-management/PyramidAuthors/PyramidAuthors.tsx
index d2f6045b..c5f8c48a 100644
--- a/src/components/_company-management/PyramidAuthors/PyramidAuthors.tsx
+++ b/src/components/_company-management/PyramidAuthors/PyramidAuthors.tsx
@@ -3,6 +3,8 @@ import { type FC } from 'react';
 
 import useMobile from '@hooks/useMobile';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import styles from './PyramidAuthors.module.scss';
 
 interface PyramidAuthorsProps {
@@ -14,7 +16,7 @@ const PyramidAuthors: FC<PyramidAuthorsProps> = ({ contributors }) => {
 
   return (
     <div className={cn(styles.container, { [styles.mobile]: isMobile })}>
-      <div dangerouslySetInnerHTML={{ __html: contributors }} />
+      <div dangerouslySetInnerHTML={{ __html: sanitizeHtml(contributors) }} />
     </div>
   );
 };
diff --git a/src/components/_company-management/PyramidInfoSection/PyramidInfoSection.tsx b/src/components/_company-management/PyramidInfoSection/PyramidInfoSection.tsx
index d857b207..b5ef1774 100644
--- a/src/components/_company-management/PyramidInfoSection/PyramidInfoSection.tsx
+++ b/src/components/_company-management/PyramidInfoSection/PyramidInfoSection.tsx
@@ -16,6 +16,8 @@ import { TRouter } from '@local-types/global';
 import useImageModule from '@hooks/useImageModule';
 import useMobile from '@hooks/useMobile';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import containerData from '@data/companyManagement';
 
 import ZoomBlock from '@components/ZoomBlock';
@@ -210,9 +212,11 @@ const PyramidInfoSection: FC<PyramidInfoSectionProps> = ({
                 <div
                   ref={contentRef}
                   dangerouslySetInnerHTML={{
-                    __html: onlyPyramidInfo
-                      ? selectedPyramid.attributes.description
-                      : description,
+                    __html: sanitizeHtml(
+                      onlyPyramidInfo
+                        ? selectedPyramid.attributes.description
+                        : description,
+                    ),
                   }}
                 />
                 <p className={styles.psNote}>
diff --git a/src/components/longevity/EnvironmentSubSection/EnvironmentSubSection.tsx b/src/components/longevity/EnvironmentSubSection/EnvironmentSubSection.tsx
index 6faff3b2..ff95eb61 100644
--- a/src/components/longevity/EnvironmentSubSection/EnvironmentSubSection.tsx
+++ b/src/components/longevity/EnvironmentSubSection/EnvironmentSubSection.tsx
@@ -4,6 +4,8 @@ import { FC } from 'react';
 
 import useInView from '@hooks/useInView';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import { EnvironmentSubSectionProps } from './EnvironmentSubSection.types';
 
 import styles from './EnvironmentSubSection.module.scss';
@@ -28,7 +30,7 @@ const EnvironmentSubSection: FC<EnvironmentSubSectionProps> = ({
       </div>
       <hr className={styles.hr} />
       <div
-        dangerouslySetInnerHTML={{ __html: description }}
+        dangerouslySetInnerHTML={{ __html: sanitizeHtml(description) }}
         className={styles.description}
       />
     </div>
diff --git a/src/components/longevity/FlipCard/FlipCard.tsx b/src/components/longevity/FlipCard/FlipCard.tsx
index f7935a20..9a9b8aef 100644
--- a/src/components/longevity/FlipCard/FlipCard.tsx
+++ b/src/components/longevity/FlipCard/FlipCard.tsx
@@ -2,6 +2,8 @@ import cn from 'classnames';
 import Image from 'next/image';
 import { FC } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import Heading from '@components/Heading';
 import { FlipCardProps } from '@components/longevity/FlipCard/FlipCard.types';
 
@@ -30,7 +32,7 @@ const FlipCard: FC<FlipCardProps> = ({
       {isHacks ? (
         <div>
           <div
-            dangerouslySetInnerHTML={{ __html: hacksQuote || '' }}
+            dangerouslySetInnerHTML={{ __html: sanitizeHtml(hacksQuote) }}
             className={styles.quote}
           />
           <span className={styles.separator}> - </span>
@@ -75,7 +77,7 @@ const FlipCard: FC<FlipCardProps> = ({
           <div className={styles.painTextWrapper}>
             <div className={styles.diamond} />
             <div
-              dangerouslySetInnerHTML={{ __html: painText || '' }}
+              dangerouslySetInnerHTML={{ __html: sanitizeHtml(painText) }}
               className={styles.painText}
             />
             <div className={styles.diamond} />
diff --git a/src/components/longevity/HTMLClamp/HTMLClamp.tsx b/src/components/longevity/HTMLClamp/HTMLClamp.tsx
index d3d5538d..c64d7b52 100644
--- a/src/components/longevity/HTMLClamp/HTMLClamp.tsx
+++ b/src/components/longevity/HTMLClamp/HTMLClamp.tsx
@@ -1,6 +1,8 @@
 import cn from 'classnames';
 import React, { FC, useEffect, useRef, useState } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import { HTMLClampTypes } from '@components/longevity/HTMLClamp/HTMLClamp.types';
 
 import styles from './HTMLClamp.module.scss';
@@ -55,7 +57,7 @@ const HtmlClamp: FC<HTMLClampTypes> = ({
           className={cn(styles.htmlContent, className, {
             [styles.clamped]: !expanded,
           })}
-          dangerouslySetInnerHTML={{ __html: html || '' }}
+          dangerouslySetInnerHTML={{ __html: sanitizeHtml(html) }}
           data-cy="html-clamp-content"
           data-expanded={expanded}
         />
diff --git a/src/components/longevity/LongevitySubSection/LongevitySubSection.tsx b/src/components/longevity/LongevitySubSection/LongevitySubSection.tsx
index d2411d7e..f67f1862 100644
--- a/src/components/longevity/LongevitySubSection/LongevitySubSection.tsx
+++ b/src/components/longevity/LongevitySubSection/LongevitySubSection.tsx
@@ -5,6 +5,8 @@ import { Tooltip as ReactTooltip } from 'react-tooltip';
 
 import { useIsWidthLessThan } from '@hooks/useScreenSize';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import longevityData from '@data/longevity';
 
 import Heading from '@components/Heading';
@@ -96,7 +98,7 @@ const LongevitySubSection: FC<LongevitySubSectionProps> = ({
 
           {description ? (
             <div
-              dangerouslySetInnerHTML={{ __html: description || '' }}
+              dangerouslySetInnerHTML={{ __html: sanitizeHtml(description) }}
               className={cn(styles.content, {
                 [styles.foodChoicesContent]: isFoodChoices,
               })}
diff --git a/src/components/longevity/MainInfoSection/MainInfoSection.tsx b/src/components/longevity/MainInfoSection/MainInfoSection.tsx
index 079b5ded..dd89f7da 100644
--- a/src/components/longevity/MainInfoSection/MainInfoSection.tsx
+++ b/src/components/longevity/MainInfoSection/MainInfoSection.tsx
@@ -2,6 +2,8 @@ import cn from 'classnames';
 import Image from 'next/image';
 import { FC, useContext, useEffect, useState } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import { GlobalContext } from '@components/Context/GlobalContext';
 import Heading from '@components/Heading';
 import BasicStats from '@components/longevity/BasicStats';
@@ -66,7 +68,7 @@ const MainInfoSection: FC<MainInfoSectionProps> = ({
           className={styles.heading}
         />
         <div
-          dangerouslySetInnerHTML={{ __html: description }}
+          dangerouslySetInnerHTML={{ __html: sanitizeHtml(description) }}
           className={styles.description}
         />
         {hasBasicStats ? (
diff --git a/src/components/longevity/StudySection/StudySection.tsx b/src/components/longevity/StudySection/StudySection.tsx
index 61692e07..66efcb17 100644
--- a/src/components/longevity/StudySection/StudySection.tsx
+++ b/src/components/longevity/StudySection/StudySection.tsx
@@ -4,6 +4,8 @@ import { FC, useState } from 'react';
 
 import { useIsWidthLessThan } from '@hooks/useScreenSize';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import LearnMoreIcon from '@icons/longevity/LearnMoreIcon.png';
 import StudyCloseIcon from '@icons/longevity/Study/CloseIcon.svg';
 
@@ -92,7 +94,9 @@ const StudySection: FC<StudySectionProps> = ({
                 />
               ) : (
                 <div
-                  dangerouslySetInnerHTML={{ __html: description || '' }}
+                  dangerouslySetInnerHTML={{
+                    __html: sanitizeHtml(description),
+                  }}
                   className={styles.description}
                 />
               )}
diff --git a/src/components/longevity/Supplement/Supplement.tsx b/src/components/longevity/Supplement/Supplement.tsx
index 15df7eb2..3a2a4a9f 100644
--- a/src/components/longevity/Supplement/Supplement.tsx
+++ b/src/components/longevity/Supplement/Supplement.tsx
@@ -1,6 +1,8 @@
 import Image from 'next/image';
 import { FC } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import { SupplementProps } from './Supplement.types';
 
 import styles from './Supplement.module.scss';
@@ -35,7 +37,7 @@ const Supplement: FC<SupplementProps> = ({ name, description, categories }) => {
         </div>
       )}
       <div
-        dangerouslySetInnerHTML={{ __html: description }}
+        dangerouslySetInnerHTML={{ __html: sanitizeHtml(description) }}
         className={styles.description}
       />
     </div>
diff --git a/src/components/longevity/WhatToEatOrAvoid/AboutTheProduct/AboutTheProduct.tsx b/src/components/longevity/WhatToEatOrAvoid/AboutTheProduct/AboutTheProduct.tsx
index cafbfc08..83455c67 100644
--- a/src/components/longevity/WhatToEatOrAvoid/AboutTheProduct/AboutTheProduct.tsx
+++ b/src/components/longevity/WhatToEatOrAvoid/AboutTheProduct/AboutTheProduct.tsx
@@ -2,6 +2,8 @@ import cn from 'classnames';
 import Image from 'next/image';
 import React, { FC } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import Heading from '@components/Heading';
 
 import { AboutTheProductProps } from './AboutTheProduct.types';
@@ -37,7 +39,7 @@ const AboutTheProduct: FC<AboutTheProductProps> = ({
         className={styles.divider}
       />
       <div
-        dangerouslySetInnerHTML={{ __html: content }}
+        dangerouslySetInnerHTML={{ __html: sanitizeHtml(content) }}
         className={styles.content}
       />
     </div>
diff --git a/src/components/longevity/WhatToEatOrAvoid/WhatToEatOrAvoid.tsx b/src/components/longevity/WhatToEatOrAvoid/WhatToEatOrAvoid.tsx
index ec1b1524..be8e72a0 100644
--- a/src/components/longevity/WhatToEatOrAvoid/WhatToEatOrAvoid.tsx
+++ b/src/components/longevity/WhatToEatOrAvoid/WhatToEatOrAvoid.tsx
@@ -5,6 +5,8 @@ import { Tooltip as ReactTooltip } from 'react-tooltip';
 
 import { useIsWidthLessThan } from '@hooks/useScreenSize';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import longevityData from '@data/longevity';
 
 import Heading from '@components/Heading';
@@ -90,7 +92,7 @@ const WhatToEatOrAvoid: FC<WhatToEatOrAvoidProps> = ({
             height={16}
           />
           <div
-            dangerouslySetInnerHTML={{ __html: info }}
+            dangerouslySetInnerHTML={{ __html: sanitizeHtml(info) }}
             className={styles.content}
           />
         </div>
diff --git a/src/components/longevity/WhyDoThisTooltip/WhyDoThisTooltip.tsx b/src/components/longevity/WhyDoThisTooltip/WhyDoThisTooltip.tsx
index a35416aa..a012b433 100644
--- a/src/components/longevity/WhyDoThisTooltip/WhyDoThisTooltip.tsx
+++ b/src/components/longevity/WhyDoThisTooltip/WhyDoThisTooltip.tsx
@@ -1,6 +1,8 @@
 import Image from 'next/image';
 import { FC } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import Heading from '@components/Heading';
 
 import { WhyDoThisTooltipProps } from './WhyDoThisTooltip.types';
@@ -41,7 +43,7 @@ const WhyDoThisTooltip: FC<WhyDoThisTooltipProps> = ({
 
     return (
       <div
-        dangerouslySetInnerHTML={{ __html: html }}
+        dangerouslySetInnerHTML={{ __html: sanitizeHtml(html) }}
         className={styles.content}
       />
     );
diff --git a/src/data/auth/en.ts b/src/data/auth/en.ts
index c519a6d7..079bfbeb 100644
--- a/src/data/auth/en.ts
+++ b/src/data/auth/en.ts
@@ -53,6 +53,50 @@ const en = {
       'Your registration session has expired. Please request a new sign-in link.',
     requestNewLink: 'Request a new link',
   },
+  emailChange: {
+    settings: {
+      description:
+        "Twitter doesn't share your email with us. Add one to enable email-based sign-in.",
+      submit: 'Send confirmation link',
+      submitting: 'Sending…',
+      sent: 'We sent a confirmation link to {email}. Click it within 15 minutes to finish.',
+      invalidEmail: 'Please enter a valid email address.',
+      sameEmail: 'Please enter a different email address.',
+      emailAlreadyRegistered:
+        'That email is already used by another KeepSimple account.',
+      limitReached:
+        'Email confirmation is temporarily unavailable. Please try again later.',
+      notAllowed: 'Email change is no longer available for this account.',
+      generic: 'Something went wrong. Please try again.',
+    },
+    confirmPage: {
+      success: {
+        title: 'Email confirmed',
+        body: 'Your email has been confirmed. You can now sign in with this address.',
+        cta: 'Go to home',
+      },
+      invalidToken: {
+        title: 'This link is no longer valid',
+        body: 'Confirmation links expire after 15 minutes and can only be used once. Please request a new one from your settings.',
+        cta: 'Go to home',
+      },
+      notAllowed: {
+        title: 'Email already set',
+        body: 'This account already has a confirmed email. No further action is needed.',
+        cta: 'Go to home',
+      },
+      emailAlreadyRegistered: {
+        title: 'Email already in use',
+        body: 'That email is already used by another KeepSimple account.',
+        cta: 'Go to home',
+      },
+      blocked: {
+        title: 'Sign-in unavailable',
+        body: '',
+        cta: 'Go to home',
+      },
+    },
+  },
 };
 
 export default en;
diff --git a/src/data/auth/ru.ts b/src/data/auth/ru.ts
index 66023f4e..4607b254 100644
--- a/src/data/auth/ru.ts
+++ b/src/data/auth/ru.ts
@@ -53,6 +53,50 @@ const ru = {
       'Срок регистрации истёк. Пожалуйста, запросите новую ссылку для входа.',
     requestNewLink: 'Запросить новую ссылку',
   },
+  emailChange: {
+    settings: {
+      description:
+        'Twitter не передаёт нам ваш email. Добавьте его, чтобы можно было входить по email.',
+      submit: 'Отправить ссылку',
+      submitting: 'Отправляем…',
+      sent: 'Мы отправили ссылку для подтверждения на {email}. Нажмите её в течение 15 минут.',
+      invalidEmail: 'Введите корректный email.',
+      sameEmail: 'Введите другой email.',
+      emailAlreadyRegistered:
+        'Этот email уже используется другим аккаунтом KeepSimple.',
+      limitReached:
+        'Подтверждение email временно недоступно. Попробуйте позже.',
+      notAllowed: 'Изменение email больше недоступно для этого аккаунта.',
+      generic: 'Что-то пошло не так. Попробуйте ещё раз.',
+    },
+    confirmPage: {
+      success: {
+        title: 'Email подтверждён',
+        body: 'Ваш email подтверждён. Теперь вы можете входить по этому адресу.',
+        cta: 'На главную',
+      },
+      invalidToken: {
+        title: 'Ссылка больше недействительна',
+        body: 'Ссылка для подтверждения действует 15 минут и может быть использована один раз. Запросите новую в настройках.',
+        cta: 'На главную',
+      },
+      notAllowed: {
+        title: 'Email уже установлен',
+        body: 'У этого аккаунта уже есть подтверждённый email. Дополнительных действий не требуется.',
+        cta: 'На главную',
+      },
+      emailAlreadyRegistered: {
+        title: 'Email уже используется',
+        body: 'Этот email уже используется другим аккаунтом KeepSimple.',
+        cta: 'На главную',
+      },
+      blocked: {
+        title: 'Вход недоступен',
+        body: '',
+        cta: 'На главную',
+      },
+    },
+  },
 };
 
 export default ru;
diff --git a/src/layouts/ContributorsLayout/ContributorsLayout.tsx b/src/layouts/ContributorsLayout/ContributorsLayout.tsx
index 63336bbc..4544e660 100644
--- a/src/layouts/ContributorsLayout/ContributorsLayout.tsx
+++ b/src/layouts/ContributorsLayout/ContributorsLayout.tsx
@@ -5,6 +5,8 @@ import { TRouter } from '@local-types/global';
 
 import useMobile from '@hooks/useMobile';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import contributors from '@data/contributors';
 
 import Contributor from '@components/contributors/Contributor/Contributor';
@@ -56,7 +58,9 @@ const ContributorsLayout = forwardRef<HTMLElement, ContributorsLayoutProps>(
           locale={locale}
         />
         <div
-          dangerouslySetInnerHTML={{ __html: contributorsData.description }}
+          dangerouslySetInnerHTML={{
+            __html: sanitizeHtml(contributorsData.description),
+          }}
           className={styles.description}
         />
         {!isMobile && (
diff --git a/src/layouts/ResultsLayout/ResultsLayout.tsx b/src/layouts/ResultsLayout/ResultsLayout.tsx
index 3ee340fc..90ef0265 100644
--- a/src/layouts/ResultsLayout/ResultsLayout.tsx
+++ b/src/layouts/ResultsLayout/ResultsLayout.tsx
@@ -1,6 +1,8 @@
 import Image from 'next/image';
 import { FC } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import LongevitySubSection from '@components/longevity/LongevitySubSection';
 import MainInfoSection from '@components/longevity/MainInfoSection';
 
@@ -59,7 +61,9 @@ const ResultsLayout: FC<ResultsLayoutProps> = ({ data, locale }) => {
           height={104}
           className={styles.backgroundImg}
         />
-        <div dangerouslySetInnerHTML={{ __html: data['PS Quote'] }} />
+        <div
+          dangerouslySetInnerHTML={{ __html: sanitizeHtml(data['PS Quote']) }}
+        />
       </div>
     </div>
   );
diff --git a/src/layouts/WorkoutLayout/WorkoutLayout.tsx b/src/layouts/WorkoutLayout/WorkoutLayout.tsx
index a1ed090a..77dc813e 100644
--- a/src/layouts/WorkoutLayout/WorkoutLayout.tsx
+++ b/src/layouts/WorkoutLayout/WorkoutLayout.tsx
@@ -1,5 +1,7 @@
 import { FC, useEffect, useState } from 'react';
 
+import { sanitizeHtml } from '@lib/sanitizeHtml';
+
 import longevityData from '@data/longevity';
 
 import BrainAgeActivity from '@components/BrainAgeActivity';
@@ -88,14 +90,16 @@ const WorkoutLayout: FC<WorkoutLayoutProps> = ({ locale, data }) => {
       >
         {parts.firstUlHtml && (
           <div
-            dangerouslySetInnerHTML={{ __html: parts.firstUlHtml }}
+            dangerouslySetInnerHTML={{
+              __html: sanitizeHtml(parts.firstUlHtml),
+            }}
             className={styles.list}
           />
         )}
         <StrengthAndTimeCompression locale={locale} />
         {parts.restUlHtml && (
           <div
-            dangerouslySetInnerHTML={{ __html: parts.restUlHtml }}
+            dangerouslySetInnerHTML={{ __html: sanitizeHtml(parts.restUlHtml) }}
             className={styles.list}
           />
         )}
diff --git a/src/lib/sanitizeHtml.ts b/src/lib/sanitizeHtml.ts
new file mode 100644
index 00000000..e317a4e3
--- /dev/null
+++ b/src/lib/sanitizeHtml.ts
@@ -0,0 +1,9 @@
+import DOMPurify from 'isomorphic-dompurify';
+
+export const sanitizeHtml = (dirty: string | null | undefined): string => {
+  if (!dirty) return '';
+  return DOMPurify.sanitize(dirty, {
+    USE_PROFILES: { html: true },
+    ADD_ATTR: ['target', 'rel'],
+  });
+};
diff --git a/src/lib/settings-helpers.ts b/src/lib/settings-helpers.ts
index b6c7ea06..2f222e70 100644
--- a/src/lib/settings-helpers.ts
+++ b/src/lib/settings-helpers.ts
@@ -7,3 +7,13 @@ export const linkedInRegex =
   /^(https?:\/\/)?(www\.)?(linkedin\.com\/in\/|lnkd\.in\/)[a-zA-Z0-9-]{3,30}\/?$/;
 
 export const usernameRegex = /^(?!.*[&%:;*|></\\#?"=])[^\s]{6,30}$/;
+
+// Twitter OAuth never gives us the user's real email — Strapi assigns a
+// synthetic `twitter_{id}@users.noreply.keepsimple.io` placeholder. The
+// settings UI offers a one-time email-change flow only while that placeholder
+// is still in use. The backend enforces the same check.
+const twitterPlaceholderEmailRegex =
+  /^twitter_[^@]+@users\.noreply\.keepsimple\.io$/i;
+
+export const isTwitterPlaceholderEmail = (email?: string | null): boolean =>
+  !!email && twitterPlaceholderEmailRegex.test(email);
diff --git a/src/pages/auth/email-change.tsx b/src/pages/auth/email-change.tsx
new file mode 100644
index 00000000..a57fb611
--- /dev/null
+++ b/src/pages/auth/email-change.tsx
@@ -0,0 +1,173 @@
+import { useRouter } from 'next/router';
+import { FC, useContext, useEffect, useRef, useState } from 'react';
+
+import { confirmTwitterEmailChange } from '@api/auth';
+import { getMyInfo } from '@api/strapi';
+
+import auth from '@data/auth';
+
+import { GlobalContext } from '@components/Context/GlobalContext';
+import Spinner from '@components/Spinner';
+
+import styles from './magic-link.module.scss';
+
+type ConfirmState =
+  | { kind: 'loading' }
+  | { kind: 'success'; email: string }
+  | { kind: 'invalidToken' }
+  | { kind: 'notAllowed' }
+  | { kind: 'emailAlreadyRegistered' }
+  | { kind: 'blocked' };
+
+const EmailChangeConfirmPage: FC = () => {
+  const router = useRouter();
+  const { setAccountData } = useContext(GlobalContext) as any;
+
+  const locale = router.locale === 'ru' ? 'ru' : 'en';
+  const copy = auth[locale].emailChange.confirmPage;
+
+  const [state, setState] = useState<ConfirmState>({ kind: 'loading' });
+  const startedRef = useRef(false);
+
+  useEffect(() => {
+    if (!router.isReady) return;
+    if (startedRef.current) return;
+    startedRef.current = true;
+
+    const token = router.query.token;
+    const tokenStr = Array.isArray(token) ? token[0] : token;
+
+    if (!tokenStr) {
+      router.replace('/');
+      return;
+    }
+
+    // Strip ?token= from the URL before any async work fires. Tokens are
+    // single-use + 15-min TTL, but the URL would otherwise leak into the
+    // Referer header of any third-party script.
+    router.replace({ pathname: router.pathname, query: {} }, undefined, {
+      shallow: true,
+    });
+
+    const run = async () => {
+      const result = await confirmTwitterEmailChange(tokenStr);
+
+      if ('code' in result) {
+        if (
+          result.code === 'INVALID_TOKEN' ||
+          result.code === 'TOKEN_EXPIRED' ||
+          result.code === 'TOKEN_ALREADY_USED'
+        ) {
+          setState({ kind: 'invalidToken' });
+          return;
+        }
+        if (result.code === 'EMAIL_CHANGE_NOT_ALLOWED') {
+          setState({ kind: 'notAllowed' });
+          return;
+        }
+        if (
+          result.code === 'EMAIL_ALREADY_REGISTERED' ||
+          result.status === 409
+        ) {
+          setState({ kind: 'emailAlreadyRegistered' });
+          return;
+        }
+        if (result.code === 'USER_BLOCKED') {
+          setState({ kind: 'blocked' });
+          return;
+        }
+        setState({ kind: 'invalidToken' });
+        return;
+      }
+
+      // Same-device click: existing JWT is still valid, refresh /users/me so
+      // the cached account picks up the new email. On a different device the
+      // user isn't logged in here and getMyInfo just no-ops.
+      if (
+        typeof window !== 'undefined' &&
+        localStorage.getItem('accessToken')
+      ) {
+        try {
+          const data = await getMyInfo();
+          if (data) setAccountData(data);
+        } catch {
+          // Non-fatal — the success message still applies; the user will pick
+          // up the new email on next refresh.
+        }
+      }
+
+      setState({ kind: 'success', email: result.data.email });
+    };
+
+    run();
+  }, [router, router.isReady, router.query.token, setAccountData]);
+
+  if (state.kind === 'loading') {
+    return <Spinner visible />;
+  }
+
+  const view = (() => {
+    if (state.kind === 'success') {
+      return {
+        cy: 'email-change-success',
+        role: 'status' as const,
+        title: copy.success.title,
+        body: copy.success.body,
+        cta: copy.success.cta,
+      };
+    }
+    if (state.kind === 'notAllowed') {
+      return {
+        cy: 'email-change-not-allowed',
+        role: 'alert' as const,
+        title: copy.notAllowed.title,
+        body: copy.notAllowed.body,
+        cta: copy.notAllowed.cta,
+      };
+    }
+    if (state.kind === 'emailAlreadyRegistered') {
+      return {
+        cy: 'email-change-email-taken',
+        role: 'alert' as const,
+        title: copy.emailAlreadyRegistered.title,
+        body: copy.emailAlreadyRegistered.body,
+        cta: copy.emailAlreadyRegistered.cta,
+      };
+    }
+    if (state.kind === 'blocked') {
+      return {
+        cy: 'email-change-blocked',
+        role: 'alert' as const,
+        title: copy.blocked.title,
+        body: copy.blocked.body,
+        cta: copy.blocked.cta,
+      };
+    }
+    return {
+      cy: 'email-change-invalid',
+      role: 'alert' as const,
+      title: copy.invalidToken.title,
+      body: copy.invalidToken.body,
+      cta: copy.invalidToken.cta,
+    };
+  })();
+
+  return (
+    <div className={styles.page}>
+      <div className={styles.errorCard} data-cy={view.cy} role={view.role}>
+        <h1 className={styles.title}>{view.title}</h1>
+        {view.body && <p className={styles.body}>{view.body}</p>}
+        <button
+          type="button"
+          className={styles.cta}
+          onClick={() => router.push('/')}
+          data-cy="email-change-home"
+        >
+          {view.cta}
+        </button>
+      </div>
+    </div>
+  );
+};
+
+export default EmailChangeConfirmPage;
diff --git a/yarn.lock b/yarn.lock
index 5882be75..d722eb89 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -10,6 +10,38 @@
     "@jridgewell/gen-mapping" "^0.3.5"
     "@jridgewell/trace-mapping" "^0.3.24"
 
+"@asamuzakjp/css-color@^5.1.11":
+  version "5.1.11"
+  resolved "https://registry.yarnpkg.com/@asamuzakjp/css-color/-/css-color-5.1.11.tgz#28a0aac8220a4cc19045ac3bd9a813d4060bd375"
+  integrity sha512-KVw6qIiCTUQhByfTd78h2yD1/00waTmm9uy/R7Ck/ctUyAPj+AEDLkQIdJW0T8+qGgj3j5bpNKK7Q3G+LedJWg==
+  dependencies:
+    "@asamuzakjp/generational-cache" "^1.0.1"
+    "@csstools/css-calc" "^3.2.0"
+    "@csstools/css-color-parser" "^4.1.0"
+    "@csstools/css-parser-algorithms" "^4.0.0"
+    "@csstools/css-tokenizer" "^4.0.0"
+
+"@asamuzakjp/dom-selector@^7.1.1":
+  version "7.1.1"
+  resolved "https://registry.yarnpkg.com/@asamuzakjp/dom-selector/-/dom-selector-7.1.1.tgz#01880086bb2490098f167beb58555da1a6c9adbd"
+  integrity sha512-67RZDnYRc8H/8MLDgQCDE//zoqVFwajkepHZgmXrbwybzXOEwOWGPYGmALYl9J2DOLfFPPs6kKCqmbzV895hTQ==
+  dependencies:
+    "@asamuzakjp/generational-cache" "^1.0.1"
+    "@asamuzakjp/nwsapi" "^2.3.9"
+    bidi-js "^1.0.3"
+    css-tree "^3.2.1"
+    is-potential-custom-element-name "^1.0.1"
+
+"@asamuzakjp/generational-cache@^1.0.1":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@asamuzakjp/generational-cache/-/generational-cache-1.0.1.tgz#3d0bf6be4fc059851390a7070720c6007af793ec"
+  integrity sha512-wajfB8KqzMCN2KGNFdLkReeHncd0AslUSrvHVvvYWuU8ghncRJoA50kT3zP9MVL0+9g4/67H+cdvBskj9THPzg==
+
+"@asamuzakjp/nwsapi@^2.3.9":
+  version "2.3.9"
+  resolved "https://registry.yarnpkg.com/@asamuzakjp/nwsapi/-/nwsapi-2.3.9.tgz#ad5549322dfe9d153d4b4dd6f7ff2ae234b06e24"
+  integrity sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q==
+
 "@axe-core/playwright@^4.11.2":
   version "4.11.2"
   resolved "https://registry.yarnpkg.com/@axe-core/playwright/-/playwright-4.11.2.tgz#d2d8f7ac056ecd50b56040d3651dc508f609bd7c"
@@ -913,6 +945,13 @@
     "@babel/helper-string-parser" "^7.27.1"
     "@babel/helper-validator-identifier" "^7.28.5"
 
+"@bramus/specificity@^2.4.2":
+  version "2.4.2"
+  resolved "https://registry.yarnpkg.com/@bramus/specificity/-/specificity-2.4.2.tgz#aa8db8eb173fdee7324f82284833106adeecc648"
+  integrity sha512-ctxtJ/eA+t+6q2++vj5j7FYX3nRu311q1wfYH3xjlLOsczhlhxAg2FWNUXhpGvAw3BWo1xBcvOV6/YLc2r5FJw==
+  dependencies:
+    css-tree "^3.0.0"
+
 "@cspotcode/source-map-support@^0.8.0":
   version "0.8.1"
   resolved "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz"
@@ -920,6 +959,39 @@
   dependencies:
     "@jridgewell/trace-mapping" "0.3.9"
 
+"@csstools/color-helpers@^6.0.2":
+  version "6.0.2"
+  resolved "https://registry.yarnpkg.com/@csstools/color-helpers/-/color-helpers-6.0.2.tgz#82c59fd30649cf0b4d3c82160489748666e6550b"
+  integrity sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==
+
+"@csstools/css-calc@^3.2.0":
+  version "3.2.0"
+  resolved "https://registry.yarnpkg.com/@csstools/css-calc/-/css-calc-3.2.0.tgz#15ca1a80a026ced0f6c4e12124c398e3db8e1617"
+  integrity sha512-bR9e6o2BDB12jzN/gIbjHa5wLJ4UjD1CB9pM7ehlc0ddk6EBz+yYS1EV2MF55/HUxrHcB/hehAyt5vhsA3hx7w==
+
+"@csstools/css-color-parser@^4.1.0":
+  version "4.1.0"
+  resolved "https://registry.yarnpkg.com/@csstools/css-color-parser/-/css-color-parser-4.1.0.tgz#1d64ea09c548d3ed331648ea0b831e16b80c891c"
+  integrity sha512-U0KhLYmy2GVj6q4T3WaAe6NPuFYCPQoE3b0dRGxejWDgcPp8TP7S5rVdM5ZrFaqu4N67X8YaPBw14dQSYx3IyQ==
+  dependencies:
+    "@csstools/color-helpers" "^6.0.2"
+    "@csstools/css-calc" "^3.2.0"
+
+"@csstools/css-parser-algorithms@^4.0.0":
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/css-parser-algorithms/-/css-parser-algorithms-4.0.0.tgz#e1c65dc09378b42f26a111fca7f7075fc2c26164"
+  integrity sha512-+B87qS7fIG3L5h3qwJ/IFbjoVoOe/bpOdh9hAjXbvx0o8ImEmUsGXN0inFOnk2ChCFgqkkGFQ+TpM5rbhkKe4w==
+
+"@csstools/css-syntax-patches-for-csstree@^1.1.3":
+  version "1.1.3"
+  resolved "https://registry.yarnpkg.com/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.1.3.tgz#3204cf40deb97db83e225b0baa9e37d9c3bd344d"
+  integrity sha512-SH60bMfrRCJF3morcdk57WklujF4Jr/EsQUzqkarfHXEFcAR1gg7fS/chAE922Sehgzc1/+Tz5H3Ypa1HiEKrg==
+
+"@csstools/css-tokenizer@^4.0.0":
+  version "4.0.0"
+  resolved "https://registry.yarnpkg.com/@csstools/css-tokenizer/-/css-tokenizer-4.0.0.tgz#798a33950d11226a0ebb6acafa60f5594424967f"
+  integrity sha512-QxULHAm7cNu72w97JUNCBFODFaXpbDg+dP8b/oWFAZ2MTRppA3U00Y2L1HqaS4J6yBqxwa/Y3nMBaxVKbB/NsA==
+
 "@discoveryjs/json-ext@0.5.7":
   version "0.5.7"
   resolved "https://registry.yarnpkg.com/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70"
@@ -1027,6 +1099,11 @@
     "@eslint/core" "^0.17.0"
     levn "^0.4.1"
 
+"@exodus/bytes@^1.11.0", "@exodus/bytes@^1.15.0", "@exodus/bytes@^1.6.0":
+  version "1.15.0"
+  resolved "https://registry.yarnpkg.com/@exodus/bytes/-/bytes-1.15.0.tgz#54479e0f406cbad024d6fe1c3190ecca4468df3b"
+  integrity sha512-UY0nlA+feH81UGSHv92sLEPLCeZFjXOuHhrIo0HQydScuQc8s0A7kL/UdgwgDq8g8ilksmuoF35YVTNphV2aBQ==
+
 "@floating-ui/core@^1.7.4":
   version "1.7.4"
   resolved "https://registry.npmjs.org/@floating-ui/core/-/core-1.7.4.tgz"
@@ -1568,6 +1645,13 @@
   dependencies:
     "@types/unist" "^2"
 
+"@types/hast@^3.0.0":
+  version "3.0.4"
+  resolved "https://registry.yarnpkg.com/@types/hast/-/hast-3.0.4.tgz#1d6b39993b82cea6ad783945b0508c25903e15aa"
+  integrity sha512-WPs+bbQw5aCj+x6laNGWLH3wviHtoCv/P3+otBhbOhJgG8qtpdAMlTCxLtsTWA7LH1Oh/bFCHsBn0TPS5m30EQ==
+  dependencies:
+    "@types/unist" "*"
+
 "@types/hoist-non-react-statics@^3.3.0":
   version "3.3.7"
   resolved "https://registry.npmjs.org/@types/hoist-non-react-statics/-/hoist-non-react-statics-3.3.7.tgz"
@@ -1678,6 +1762,16 @@
   dependencies:
     swiper "*"
 
+"@types/trusted-types@^2.0.7":
+  version "2.0.7"
+  resolved "https://registry.yarnpkg.com/@types/trusted-types/-/trusted-types-2.0.7.tgz#baccb07a970b91707df3a3e8ba6896c57ead2d11"
+  integrity sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==
+
+"@types/unist@*", "@types/unist@^3.0.0":
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/@types/unist/-/unist-3.0.3.tgz#acaab0f919ce69cce629c2d4ed2eb4adc1b6c20c"
+  integrity sha512-ko/gIFJRv177XgZsZcBwnqJN5x/Gien8qNOn0D5bQU/zAzVf9Zt3BlcUiLqhV9y4ARk0GbT3tnUiPNgnTXzc/Q==
+
 "@types/unist@^2", "@types/unist@^2.0.0":
   version "2.0.11"
   resolved "https://registry.npmjs.org/@types/unist/-/unist-2.0.11.tgz"
@@ -1784,6 +1878,11 @@
     "@typescript-eslint/types" "8.56.1"
     eslint-visitor-keys "^5.0.0"
 
+"@ungap/structured-clone@^1.0.0":
+  version "1.3.1"
+  resolved "https://registry.yarnpkg.com/@ungap/structured-clone/-/structured-clone-1.3.1.tgz#0e8f34854df7966b09304a18e808b23997bb9fc1"
+  integrity sha512-mUFwbeTqrVgDQxFveS+df2yfap6iuP20NAKAsBt5jDEoOTDew+zwLAOilHCeQJOVSvmgCX4ogqIrA0mnyr08yQ==
+
 "@unrs/resolver-binding-android-arm-eabi@1.11.1":
   version "1.11.1"
   resolved "https://registry.yarnpkg.com/@unrs/resolver-binding-android-arm-eabi/-/resolver-binding-android-arm-eabi-1.11.1.tgz#9f5b04503088e6a354295e8ea8fe3cb99e43af81"
@@ -2142,6 +2241,13 @@ baseline-browser-mapping@^2.9.0:
   resolved "https://registry.npmjs.org/baseline-browser-mapping/-/baseline-browser-mapping-2.10.0.tgz"
   integrity sha512-lIyg0szRfYbiy67j9KN8IyeD7q7hcmqnJ1ddWmNt19ItGpNN64mnllmxUNFIOdOm6by97jlL6wfpTTJrmnjWAA==
 
+bidi-js@^1.0.3:
+  version "1.0.3"
+  resolved "https://registry.yarnpkg.com/bidi-js/-/bidi-js-1.0.3.tgz#6f8bcf3c877c4d9220ddf49b9bb6930c88f877d2"
+  integrity sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==
+  dependencies:
+    require-from-string "^2.0.2"
+
 big.js@^5.2.2:
   version "5.2.2"
   resolved "https://registry.npmjs.org/big.js/-/big.js-5.2.2.tgz"
@@ -2439,6 +2545,14 @@ css-tree@^2.3.1:
     mdn-data "2.0.30"
     source-map-js "^1.0.1"
 
+css-tree@^3.0.0, css-tree@^3.2.1:
+  version "3.2.1"
+  resolved "https://registry.yarnpkg.com/css-tree/-/css-tree-3.2.1.tgz#86cac7011561272b30e6b1e042ba6ce047aa7518"
+  integrity sha512-X7sjQzceUhu1u7Y/ylrRZFU2FS6LRiFVp6rKLPg23y3x3c3DOKAwuXGDp+PAGjh6CSnCjYeAul8pcT8bAl+lSA==
+  dependencies:
+    mdn-data "2.27.1"
+    source-map-js "^1.2.1"
+
 css-tree@~2.2.0:
   version "2.2.1"
   resolved "https://registry.npmjs.org/css-tree/-/css-tree-2.2.1.tgz"
@@ -2477,6 +2591,14 @@ damerau-levenshtein@^1.0.8:
   resolved "https://registry.npmjs.org/damerau-levenshtein/-/damerau-levenshtein-1.0.8.tgz"
   integrity sha512-sdQSFB7+llfUcQHUQO3+B8ERRj0Oa4w9POWMI/puGtuf7gFywGmkaLCElnudfTiKZV+NvHqL0ifzdrI8Ro7ESA==
 
+data-urls@^7.0.0:
+  version "7.0.0"
+  resolved "https://registry.yarnpkg.com/data-urls/-/data-urls-7.0.0.tgz#6dce8b63226a1ecfdd907ce18a8ccfb1eee506d3"
+  integrity sha512-23XHcCF+coGYevirZceTVD7NdJOqVn+49IHyxgszm+JIiHLoB2TkmPtsYkNWT1pvRSGkc35L6NHs0yHkN2SumA==
+  dependencies:
+    whatwg-mimetype "^5.0.0"
+    whatwg-url "^16.0.0"
+
 data-view-buffer@^1.0.2:
   version "1.0.2"
   resolved "https://registry.npmjs.org/data-view-buffer/-/data-view-buffer-1.0.2.tgz"
@@ -2530,6 +2652,11 @@ debug@^4.0.0, debug@^4.1.0, debug@^4.3.1, debug@^4.3.2, debug@^4.4.0, debug@^4.4
   dependencies:
     ms "^2.1.3"
 
+decimal.js@^10.6.0:
+  version "10.6.0"
+  resolved "https://registry.yarnpkg.com/decimal.js/-/decimal.js-10.6.0.tgz#e649a43e3ab953a72192ff5983865e509f37ed9a"
+  integrity sha512-YpgQiITW3JXGntzdUmyUR1V812Hn8T1YVXhCu+wO3OpS4eU9l4YdD3qjyiKdV6mvV29zapkMeD390UVEf2lkUg==
+
 decode-named-character-reference@^1.0.0:
   version "1.3.0"
   resolved "https://registry.npmjs.org/decode-named-character-reference/-/decode-named-character-reference-1.3.0.tgz"
@@ -2613,6 +2740,13 @@ domhandler@^5.0.2, domhandler@^5.0.3:
   dependencies:
     domelementtype "^2.3.0"
 
+dompurify@^3.4.2:
+  version "3.4.2"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.4.2.tgz#f0ff81be682c485505097ba8195a058d8f575218"
+  integrity sha512-lHeS9SA/IKeIFFyYciHBr2n0v1VMPlSj843HdLOwjb2OxNwdq9Xykxqhk+FE42MzAdHvInbAolSE4mhahPpjXA==
+  optionalDependencies:
+    "@types/trusted-types" "^2.0.7"
+
 domutils@^3.0.1, domutils@^3.2.2:
   version "3.2.2"
   resolved "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz"
@@ -2679,6 +2813,11 @@ entities@^7.0.1:
   resolved "https://registry.yarnpkg.com/entities/-/entities-7.0.1.tgz#26e8a88889db63417dcb9a1e79a3f1bc92b5976b"
   integrity sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==
 
+entities@^8.0.0:
+  version "8.0.0"
+  resolved "https://registry.yarnpkg.com/entities/-/entities-8.0.0.tgz#c1df5fe3602429747fa233d0dd26f142f0ce4743"
+  integrity sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==
+
 error-ex@^1.3.1:
   version "1.3.4"
   resolved "https://registry.npmjs.org/error-ex/-/error-ex-1.3.4.tgz"
@@ -3401,6 +3540,15 @@ hast-util-raw@^7.2.0:
     web-namespaces "^2.0.0"
     zwitch "^2.0.0"
 
+hast-util-sanitize@^5.0.0:
+  version "5.0.2"
+  resolved "https://registry.yarnpkg.com/hast-util-sanitize/-/hast-util-sanitize-5.0.2.tgz#edb260d94e5bba2030eb9375790a8753e5bf391f"
+  integrity sha512-3yTWghByc50aGS7JlGhk61SPenfE/p1oaFeNwkOOyrscaOkMGrcW9+Cy/QAIOBpZxP1yqDIzFMR0+Np0i0+usg==
+  dependencies:
+    "@types/hast" "^3.0.0"
+    "@ungap/structured-clone" "^1.0.0"
+    unist-util-position "^5.0.0"
+
 hast-util-to-parse5@^7.0.0:
   version "7.1.0"
   resolved "https://registry.npmjs.org/hast-util-to-parse5/-/hast-util-to-parse5-7.1.0.tgz"
@@ -3436,6 +3584,13 @@ hoist-non-react-statics@^3.2.0, hoist-non-react-statics@^3.3.0, hoist-non-react-
   dependencies:
     react-is "^16.7.0"
 
+html-encoding-sniffer@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/html-encoding-sniffer/-/html-encoding-sniffer-6.0.0.tgz#f8d9390b3b348b50d4f61c16dd2ef5c05980a882"
+  integrity sha512-CV9TW3Y3f8/wT0BRFc1/KAVQ3TUHiXmaAb6VW9vtiMFf7SLoMd1PdAc4W3KFOFETBJUb90KatHqlsZMWV+R9Gg==
+  dependencies:
+    "@exodus/bytes" "^1.6.0"
+
 html-escaper@^2.0.2:
   version "2.0.2"
   resolved "https://registry.yarnpkg.com/html-escaper/-/html-escaper-2.0.2.tgz#dfd60027da36a36dfcbe236262c00a5822681453"
@@ -3701,6 +3856,11 @@ is-plain-object@^5.0.0:
   resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-5.0.0.tgz#4427f50ab3429e9025ea7d52e9043a9ef4159344"
   integrity sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==
 
+is-potential-custom-element-name@^1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz#171ed6f19e3ac554394edf78caa05784a45bebb5"
+  integrity sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==
+
 is-regex@^1.2.1:
   version "1.2.1"
   resolved "https://registry.npmjs.org/is-regex/-/is-regex-1.2.1.tgz"
@@ -3777,6 +3937,14 @@ isexe@^2.0.0:
   resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz"
   integrity sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==
 
+isomorphic-dompurify@^3.12.0:
+  version "3.12.0"
+  resolved "https://registry.yarnpkg.com/isomorphic-dompurify/-/isomorphic-dompurify-3.12.0.tgz#dbb9c7e9451f7f5ed84ee5e1b2e54d504785d6f9"
+  integrity sha512-8n+j+6ypTHvriJwFOQ2qusQ6bzGjZVcR3jbe1pBpLcGI1dn4WIl0ctLBngqE5QttquQBAlKXwJeTMw+X7x7qKw==
+  dependencies:
+    dompurify "^3.4.2"
+    jsdom "^29.1.1"
+
 iterator.prototype@^1.1.5:
   version "1.1.5"
   resolved "https://registry.npmjs.org/iterator.prototype/-/iterator.prototype-1.1.5.tgz"
@@ -3811,6 +3979,33 @@ jsbn@1.1.0:
   resolved "https://registry.npmjs.org/jsbn/-/jsbn-1.1.0.tgz"
   integrity sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A==
 
+jsdom@^29.1.1:
+  version "29.1.1"
+  resolved "https://registry.yarnpkg.com/jsdom/-/jsdom-29.1.1.tgz#5b9704906f3cd510c34aa941ae2f8f7f8179df01"
+  integrity sha512-ECi4Fi2f7BdJtUKTflYRTiaMxIB0O6zfR1fX0GXpUrf6flp8QIYn1UT20YQqdSOfk2dfkCwS8LAFoJDEppNK5Q==
+  dependencies:
+    "@asamuzakjp/css-color" "^5.1.11"
+    "@asamuzakjp/dom-selector" "^7.1.1"
+    "@bramus/specificity" "^2.4.2"
+    "@csstools/css-syntax-patches-for-csstree" "^1.1.3"
+    "@exodus/bytes" "^1.15.0"
+    css-tree "^3.2.1"
+    data-urls "^7.0.0"
+    decimal.js "^10.6.0"
+    html-encoding-sniffer "^6.0.0"
+    is-potential-custom-element-name "^1.0.1"
+    lru-cache "^11.3.5"
+    parse5 "^8.0.1"
+    saxes "^6.0.0"
+    symbol-tree "^3.2.4"
+    tough-cookie "^6.0.1"
+    undici "^7.25.0"
+    w3c-xmlserializer "^5.0.0"
+    webidl-conversions "^8.0.1"
+    whatwg-mimetype "^5.0.0"
+    whatwg-url "^16.0.1"
+    xml-name-validator "^5.0.0"
+
 jsesc@^3.0.2, jsesc@~3.1.0:
   version "3.1.0"
   resolved "https://registry.npmjs.org/jsesc/-/jsesc-3.1.0.tgz"
@@ -4129,6 +4324,11 @@ lru-cache@^11.0.0:
   resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-11.3.5.tgz#29047d348c0b2793e3112a01c739bb7c6d855637"
   integrity sha512-NxVFwLAnrd9i7KUBxC4DrUhmgjzOs+1Qm50D3oF1/oL+r1NpZ4gA7xvG0/zJ8evR7zIKn4vLf7qTNduWFtCrRw==
 
+lru-cache@^11.3.5:
+  version "11.3.6"
+  resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-11.3.6.tgz#f0306ad6e9f0a5dc25b16aeba4e8f57b7ec2df55"
+  integrity sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==
+
 lru-cache@^5.1.1:
   version "5.1.1"
   resolved "https://registry.npmjs.org/lru-cache/-/lru-cache-5.1.1.tgz"
@@ -4235,6 +4435,11 @@ mdn-data@2.0.30:
   resolved "https://registry.npmjs.org/mdn-data/-/mdn-data-2.0.30.tgz"
   integrity sha512-GaqWWShW4kv/G9IEucWScBx9G1/vsFZZJUO+tD26M8J8z3Kw5RDQjaoZe03YAClgeS/SWPOcb4nkFBTEi5DUEA==
 
+mdn-data@2.27.1:
+  version "2.27.1"
+  resolved "https://registry.yarnpkg.com/mdn-data/-/mdn-data-2.27.1.tgz#e37b9c50880b75366c4d40ac63d9bbcacdb61f0e"
+  integrity sha512-9Yubnt3e8A0OKwxYSXyhLymGW4sCufcLG6VdiDdUGVkPhpqLxlvP5vl1983gQjJl3tqbrM731mjaZaP68AgosQ==
+
 memoize-one@^5.1.1:
   version "5.2.1"
   resolved "https://registry.npmjs.org/memoize-one/-/memoize-one-5.2.1.tgz"
@@ -4787,6 +4992,13 @@ parse5@^6.0.0:
   resolved "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz"
   integrity sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==
 
+parse5@^8.0.1:
+  version "8.0.1"
+  resolved "https://registry.yarnpkg.com/parse5/-/parse5-8.0.1.tgz#f43bcd2cd683efe084075333e9ce0da7d06da31e"
+  integrity sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==
+  dependencies:
+    entities "^8.0.0"
+
 path-exists@^4.0.0:
   version "4.0.0"
   resolved "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz"
@@ -4937,7 +5149,7 @@ property-information@^6.0.0:
   resolved "https://registry.npmjs.org/property-information/-/property-information-6.5.0.tgz"
   integrity sha512-PgTgs/BlvHxOu8QuEN7wi5A0OmXaBcHpmCSTehcs6Uuu9IkDIEo13Hy7n898RHfrQ49vKCoGeWZSaAK01nwVig==
 
-punycode@^2.1.0:
+punycode@^2.1.0, punycode@^2.3.1:
   version "2.3.1"
   resolved "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz"
   integrity sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==
@@ -5181,6 +5393,14 @@ rehype-raw@6.1.1:
     hast-util-raw "^7.2.0"
     unified "^10.0.0"
 
+rehype-sanitize@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/rehype-sanitize/-/rehype-sanitize-6.0.0.tgz#16e95f4a67a69cbf0f79e113c8e0df48203db73c"
+  integrity sha512-CsnhKNsyI8Tub6L4sm5ZFsme4puGfc6pYylvXo1AeqaGbjOYyzNv3qZPwvs0oMJ39eryyeOdmxwUIo94IpEhqg==
+  dependencies:
+    "@types/hast" "^3.0.0"
+    hast-util-sanitize "^5.0.0"
+
 remark-breaks@3.0.2:
   version "3.0.2"
   resolved "https://registry.npmjs.org/remark-breaks/-/remark-breaks-3.0.2.tgz"
@@ -5209,6 +5429,11 @@ remark-rehype@^10.0.0:
     mdast-util-to-hast "^12.1.0"
     unified "^10.0.0"
 
+require-from-string@^2.0.2:
+  version "2.0.2"
+  resolved "https://registry.yarnpkg.com/require-from-string/-/require-from-string-2.0.2.tgz#89a7fdd938261267318eafe14f9c32e598c36909"
+  integrity sha512-Xf0nWe6RseziFMu+Ap9biiUbmplq6S9/p+7w7YXP/JBHhrUDDUhwa+vANyubuqfZWTveU//DYVGsDG7RKL/vEw==
+
 resize-observer-polyfill@^1.5.0:
   version "1.5.1"
   resolved "https://registry.npmjs.org/resize-observer-polyfill/-/resize-observer-polyfill-1.5.1.tgz"
@@ -5324,6 +5549,13 @@ sax@^1.5.0:
   resolved "https://registry.npmjs.org/sax/-/sax-1.6.0.tgz"
   integrity sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==
 
+saxes@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/saxes/-/saxes-6.0.0.tgz#fe5b4a4768df4f14a201b1ba6a65c1f3d9988cc5"
+  integrity sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==
+  dependencies:
+    xmlchars "^2.2.0"
+
 scheduler@^0.25.0:
   version "0.25.0"
   resolved "https://registry.npmjs.org/scheduler/-/scheduler-0.25.0.tgz"
@@ -5669,6 +5901,11 @@ symbol-observable@^1.2.0:
   resolved "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz"
   integrity sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==
 
+symbol-tree@^3.2.4:
+  version "3.2.4"
+  resolved "https://registry.yarnpkg.com/symbol-tree/-/symbol-tree-3.2.4.tgz#430637d248ba77e078883951fb9aa0eed7c63fa2"
+  integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==
+
 text-segmentation@^1.0.3:
   version "1.0.3"
   resolved "https://registry.npmjs.org/text-segmentation/-/text-segmentation-1.0.3.tgz"
@@ -5704,6 +5941,18 @@ tinyglobby@^0.2.13, tinyglobby@^0.2.15:
     fdir "^6.5.0"
     picomatch "^4.0.3"
 
+tldts-core@^7.0.30:
+  version "7.0.30"
+  resolved "https://registry.yarnpkg.com/tldts-core/-/tldts-core-7.0.30.tgz#c495dba27778f2220bea94f3f6399005c7aca61c"
+  integrity sha512-uiHN8PIB1VmWyS98eZYja4xzlYqeFZVjb4OuYlJQnZAuJhMw4PbKQOKgHKhBdJR3FE/t5mUQ1Kd80++B+qhD1Q==
+
+tldts@^7.0.5:
+  version "7.0.30"
+  resolved "https://registry.yarnpkg.com/tldts/-/tldts-7.0.30.tgz#497cea8d610953222f9dcb3ceb07c7207efcd816"
+  integrity sha512-ELrFxuqsDdHUwoh0XxDbxuLD3Wnz49Z57IFvTtvWy1hJdcMZjXLIuonjilCiWHlT2GbE4Wlv1wKVTzDFnXH1aw==
+  dependencies:
+    tldts-core "^7.0.30"
+
 to-regex-range@^5.0.1:
   version "5.0.1"
   resolved "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz"
@@ -5716,6 +5965,20 @@ totalist@^3.0.0:
   resolved "https://registry.yarnpkg.com/totalist/-/totalist-3.0.1.tgz#ba3a3d600c915b1a97872348f79c127475f6acf8"
   integrity sha512-sf4i37nQ2LBx4m3wB74y+ubopq6W/dIzXg0FDGjsYnZHVa1Da8FH853wlL2gtUhg+xJXjfk3kUZS3BRoQeoQBQ==
 
+tough-cookie@^6.0.1:
+  version "6.0.1"
+  resolved "https://registry.yarnpkg.com/tough-cookie/-/tough-cookie-6.0.1.tgz#a495f833836609ed983c19bc65639cfbceb54c76"
+  integrity sha512-LktZQb3IeoUWB9lqR5EWTHgW/VTITCXg4D21M+lvybRVdylLrRMnqaIONLVb5mav8vM19m44HIcGq4qASeu2Qw==
+  dependencies:
+    tldts "^7.0.5"
+
+tr46@^6.0.0:
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/tr46/-/tr46-6.0.0.tgz#f5a1ae546a0adb32a277a2278d0d17fa2f9093e6"
+  integrity sha512-bLVMLPtstlZ4iMQHpFHTR7GAGj2jxi8Dg0s2h2MafAE4uSWF98FC/3MomU51iQAMf8/qDUbKWf5GxuvvVcXEhw==
+  dependencies:
+    punycode "^2.3.1"
+
 trim-lines@^3.0.0:
   version "3.0.1"
   resolved "https://registry.npmjs.org/trim-lines/-/trim-lines-3.0.1.tgz"
@@ -5842,7 +6105,7 @@ undici-types@~7.16.0:
   resolved "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz"
   integrity sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==
 
-undici@^7.16.0:
+undici@^7.16.0, undici@^7.25.0:
   version "7.25.0"
   resolved "https://registry.yarnpkg.com/undici/-/undici-7.25.0.tgz#7d72fc429a0421769ca2966fd07cac875c85b781"
   integrity sha512-xXnp4kTyor2Zq+J1FfPI6Eq3ew5h6Vl0F/8d9XU5zZQf1tX9s2Su1/3PiMmUANFULpmksxkClamIZcaUqryHsQ==
@@ -5902,6 +6165,13 @@ unist-util-position@^4.0.0:
   dependencies:
     "@types/unist" "^2.0.0"
 
+unist-util-position@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/unist-util-position/-/unist-util-position-5.0.0.tgz#678f20ab5ca1207a97d7ea8a388373c9cf896be4"
+  integrity sha512-fucsC7HjXvkB5R3kTCO7kUjRdrS0BJt3M/FPxmHMBOm8JQi2BsHAHFsy27E0EolP8rp0NzXsJ+jNPyDWvOJZPA==
+  dependencies:
+    "@types/unist" "^3.0.0"
+
 unist-util-stringify-position@^3.0.0:
   version "3.0.3"
   resolved "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-3.0.3.tgz"
@@ -6026,6 +6296,13 @@ vfile@^5.0.0:
     unist-util-stringify-position "^3.0.0"
     vfile-message "^3.0.0"
 
+w3c-xmlserializer@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/w3c-xmlserializer/-/w3c-xmlserializer-5.0.0.tgz#f925ba26855158594d907313cedd1476c5967f6c"
+  integrity sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==
+  dependencies:
+    xml-name-validator "^5.0.0"
+
 web-namespaces@^2.0.0:
   version "2.0.1"
   resolved "https://registry.npmjs.org/web-namespaces/-/web-namespaces-2.0.1.tgz"
@@ -6036,6 +6313,11 @@ web-vitals@^5.2.0:
   resolved "https://registry.yarnpkg.com/web-vitals/-/web-vitals-5.2.0.tgz#5de39106a652228bb5c40021d62b669d213e6e17"
   integrity sha512-i2z98bEmaCqSDiHEDu+gHl/dmR4Q+TxFmG3/13KkMO+o8UxQzCqWaDRCiLgEa41nlO4VpXSI0ASa1xWmO9sBlA==
 
+webidl-conversions@^8.0.1:
+  version "8.0.1"
+  resolved "https://registry.yarnpkg.com/webidl-conversions/-/webidl-conversions-8.0.1.tgz#0657e571fe6f06fcb15ca50ed1fdbcb495cd1686"
+  integrity sha512-BMhLD/Sw+GbJC21C/UgyaZX41nPt8bUTg+jWyDeg7e7YN4xOM05YPSIXceACnXVtqyEw/LMClUQMtMZ+PGGpqQ==
+
 webpack-bundle-analyzer@4.10.1:
   version "4.10.1"
   resolved "https://registry.yarnpkg.com/webpack-bundle-analyzer/-/webpack-bundle-analyzer-4.10.1.tgz#84b7473b630a7b8c21c741f81d8fe4593208b454"
@@ -6055,6 +6337,20 @@ webpack-bundle-analyzer@4.10.1:
     sirv "^2.0.3"
     ws "^7.3.1"
 
+whatwg-mimetype@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/whatwg-mimetype/-/whatwg-mimetype-5.0.0.tgz#d8232895dbd527ceaee74efd4162008fb8a8cf48"
+  integrity sha512-sXcNcHOC51uPGF0P/D4NVtrkjSU2fNsm9iog4ZvZJsL3rjoDAzXZhkm2MWt1y+PUdggKAYVoMAIYcs78wJ51Cw==
+
+whatwg-url@^16.0.0, whatwg-url@^16.0.1:
+  version "16.0.1"
+  resolved "https://registry.yarnpkg.com/whatwg-url/-/whatwg-url-16.0.1.tgz#047f7f4bd36ef76b7198c172d1b1cebc66f764dd"
+  integrity sha512-1to4zXBxmXHV3IiSSEInrreIlu02vUOvrhxJJH5vcxYTBDAx51cqZiKdyTxlecdKNSjj8EcxGBxNf6Vg+945gw==
+  dependencies:
+    "@exodus/bytes" "^1.11.0"
+    tr46 "^6.0.0"
+    webidl-conversions "^8.0.1"
+
 which-boxed-primitive@^1.1.0, which-boxed-primitive@^1.1.1:
   version "1.1.1"
   resolved "https://registry.npmjs.org/which-boxed-primitive/-/which-boxed-primitive-1.1.1.tgz"
@@ -6130,6 +6426,16 @@ ws@^7.3.1:
   resolved "https://registry.yarnpkg.com/ws/-/ws-7.5.10.tgz#58b5c20dc281633f6c19113f39b349bd8bd558d9"
   integrity sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==
 
+xml-name-validator@^5.0.0:
+  version "5.0.0"
+  resolved "https://registry.yarnpkg.com/xml-name-validator/-/xml-name-validator-5.0.0.tgz#82be9b957f7afdacf961e5980f1bf227c0bf7673"
+  integrity sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==
+
+xmlchars@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb"
+  integrity sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==
+
 yallist@^3.0.2:
   version "3.1.1"
   resolved "https://registry.npmjs.org/yallist/-/yallist-3.1.1.tgz"