If you discover a security vulnerability (e.g., an XSS bypass in the escape functions), please report it responsibly:

1. Do not open a public issue
2. Use GitHub Security Advisories to report privately
3. Include steps to reproduce and the expected impact

We will acknowledge receipt within 48 hours and aim to release a fix within 7 days for critical issues.