@Arukuen Arukuen commented Jan 5, 2026

Summary by CodeRabbit

  • Bug Fixes
    • Post outputs (title, category links, meta separator, date/time, comments count) are now properly escaped for safer rendering.
    • Empty post titles now display as "(Untitled)".

coderabbitai bot commented Jan 5, 2026

📝 Walkthrough

Escaped multiple outputs in post rendering to prevent XSS: title, category link hrefs and labels, meta separator, datetime attributes and displayed dates, and comments count. No control-flow or public API changes; changes are output-escaping only.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Security: Output escaping (`src/block/posts/index.php`) | Escaped post title (with default "(Untitled)"), category link href and label, meta separator, `<time>` datetime attribute and displayed date, and comments count using appropriate esc_* functions. No logic/flow changes. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I nibbled through the post’s bright day,
Found sly scripts that crept to play,
I wrapped each string in safe, warm wool —
esc_* stitched seams to mend the hole. 🥕✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title correctly identifies the primary change (escaping title output for XSS prevention), though the actual changeset includes broader XSS fixes beyond just the title. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6da2f00 and 5ba1f58.

📒 Files selected for processing (1)
  • src/block/posts/index.php
🚧 Files skipped from review as they are similar to previous changes (1)
  • src/block/posts/index.php
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: build
  • GitHub Check: PHP 8.2 and WP 6.7.2
  • GitHub Check: PHP 7.3 and WP latest
  • GitHub Check: PHP 8.2 and WP 6.5.5
  • GitHub Check: PHP 8.2 and WP latest
  • GitHub Check: PHP 8.2 and WP 6.6.2
  • GitHub Check: PHP 7.3 and WP 6.5.5

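The context-specific escaping described in the walkthrough above, as an added example that is not the plugin's code or part of this PR: each value passes through the WordPress escaper for the place it lands (`esc_html` for element text, `esc_attr` for attribute values, `esc_url` for hrefs). The function name, field names and sample values are assumptions, and the shims at the top are simplified stand-ins for the WordPress functions so the snippet runs without WordPress.

```php
<?php
// Added example, not the plugin's code. Under WordPress the real esc_*()
// helpers are used; the stand-ins below only let this file run on its own.
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
	function esc_url( $url ) {
		// Simplified: keep http(s) URLs only; anything else becomes an empty href.
		return preg_match( '#^https?://#i', (string) $url ) ? esc_attr( $url ) : '';
	}
}

// Hypothetical helper: builds one post item from already-fetched field values.
function example_render_post_item( array $post ) {
	// Empty titles fall back to a fixed label, as the PR summary describes.
	$title = '' === trim( $post['title'] ) ? '(Untitled)' : $post['title'];

	$html  = '<h3>' . esc_html( $title ) . '</h3>';                    // element text
	$html .= '<a href="' . esc_url( $post['category_url'] ) . '">'     // URL attribute
		. esc_html( $post['category_name'] ) . '</a>';                 // element text
	$html .= '<span>' . esc_html( $post['separator'] ) . '</span>';    // element text
	$html .= '<time datetime="' . esc_attr( $post['datetime'] ) . '">' // attribute value
		. esc_html( $post['date'] ) . '</time>';                       // element text
	$html .= '<span>' . esc_html( $post['comments'] ) . '</span>';     // element text
	return $html;
}

// Constructed sample: every field carries markup or a quote that would break
// out of its context if echoed raw.
$sample = array(
	'title'         => '<script>alert(1)</script>',
	'category_url'  => 'javascript:alert(1)',
	'category_name' => 'News & <b>Updates</b>',
	'separator'     => '"><i>|</i>',
	'datetime'      => '2026-01-05" onmouseover="alert(1)',
	'date'          => 'January 5, 2026',
	'comments'      => '3',
);

echo example_render_post_item( $sample ), PHP_EOL;
```

In the output the title and separator appear as inert entity-encoded text, the `datetime` quote is encoded so no extra attribute is created, and the `javascript:` href is emptied.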

github-actions bot added a commit that referenced this pull request Jan 5, 2026

github-actions bot commented Jan 5, 2026

🤖 Pull request artifacts

| file | commit |
|---|---|
| pr3669-stackable-3669-merge.zip | 5ba1f58 |

@Arukuen Arukuen self-assigned this Jan 5, 2026
github-actions bot added a commit that referenced this pull request Jan 8, 2026