Refactoring : sécurité (XSS), découpage en modules inc/* et js/admin/*, IDs résolus par slug, perf (caches, cron Gravatar, assets auto-hébergés), tests

templates/partials/author-card.twig

@@ -1,18 +1,18 @@
 <article class="author-card">
-    <a href="{{ author.url }}" class="author-card__visual" tabindex="-1" aria-hidden="true">
+    <a href="{{ author.url|esc_url }}" class="author-card__visual" tabindex="-1" aria-hidden="true">
         {% if author.avatar_url %}
-            <img src="{{ author.avatar_url }}" alt="{{ author.name }}" loading="lazy">
+            <img src="{{ author.avatar_url|esc_url }}" alt="{{ author.name|esc_attr }}" loading="lazy">
         {% else %}
-            <span class="author-card__initials">{{ author.initials }}</span>
+            <span class="author-card__initials">{{ author.initials|esc_html }}</span>
         {% endif %}
     </a>
     <div class="author-card__info">
-        <h2 class="author-card__name"><a href="{{ author.url }}">{{ author.name }}</a></h2>
+        <h2 class="author-card__name"><a href="{{ author.url|esc_url }}">{{ author.name|esc_html }}</a></h2>
         {% if author.role_label %}
-            <p class="author-card__role">{{ author.role_label }}</p>
+            <p class="author-card__role">{{ author.role_label|esc_html }}</p>
         {% endif %}
         {% if author.affiliation %}
-            <p class="author-card__affiliation">{{ author.affiliation }}</p>
+            <p class="author-card__affiliation">{{ author.affiliation|esc_html }}</p>
         {% endif %}
     </div>
 </article>