diff --git a/template-parts/footer-builder-elements/html-1.php b/template-parts/footer-builder-elements/html-1.php
index 0e268d4b4..702de6c2c 100644
--- a/template-parts/footer-builder-elements/html-1.php
+++ b/template-parts/footer-builder-elements/html-1.php
@@ -1,5 +1,5 @@
 <?php
 $html_1 = get_theme_mod( 'colormag_footer_html_1', '' );
 echo '<div class="cm-html-1 cm-footer-html-1">';
-echo $html_1;
+echo wp_kses_post( $html_1 );
 echo '</div>';
diff --git a/template-parts/header-builder-elements/html-1.php b/template-parts/header-builder-elements/html-1.php
index b9d5f42a2..243e42fb9 100644
--- a/template-parts/header-builder-elements/html-1.php
+++ b/template-parts/header-builder-elements/html-1.php
@@ -1,5 +1,5 @@
 <?php
 $html_1 = get_theme_mod( 'colormag_header_html_1', '' );
 echo '<div class="cm-html-1">';
-echo $html_1;
+echo wp_kses_post( $html_1 );
 echo '</div>';
diff --git a/template-parts/hooks/header/header.php b/template-parts/hooks/header/header.php
index 2ed94688c..3c0429cb9 100644
--- a/template-parts/hooks/header/header.php
+++ b/template-parts/hooks/header/header.php
@@ -183,8 +183,8 @@ function colormag_header_start() {
 	}
 
 endif;
-if ( ! colormag_maybe_enable_builder() ){
-add_action( 'colormag_action_before_header', 'colormag_header_start', 10 );
+if ( ! colormag_maybe_enable_builder() ) {
+	add_action( 'colormag_action_before_header', 'colormag_header_start', 10 );
 }
 
 if ( ! function_exists( 'colormag_header_main' ) ) :
@@ -373,9 +373,9 @@ function colormag_header_end() {
 	}
 
 endif;
-if ( ! colormag_maybe_enable_builder() ){
+if ( ! colormag_maybe_enable_builder() ) {
 	add_action( 'colormag_action_after_header', 'colormag_header_end', 10 );
-	}
+}
 
 if ( ! function_exists( 'colormag_main_section_start' ) ) :
 
@@ -599,9 +599,41 @@ function colormag_menu_fallback( $args ) {
 
 		$output .= '</ul>';
 
-		// @codingStandardsIgnoreStart
-		echo $output;
-		// @codingStandardsIgnoreEnd
+		echo wp_kses(
+			$output,
+			array(
+				'ul'   => array(
+					'id'    => true,
+					'class' => true,
+				),
+				'li'   => array(
+					'class' => true,
+				),
+				'a'    => array(
+					'href'  => true,
+					'title' => true,
+					'class' => true,
+				),
+				'span' => array(
+					'class' => true,
+				),
+				'svg'  => array(
+					'class'     => true,
+					'xmlns'     => true,
+					'viewBox'   => true,
+					'xml:space' => true,
+					'role'      => true,
+					'path'      => array(
+						'd'      => true,
+						'fill'   => true,
+						'stroke' => true,
+					),
+				),
+				'div'  => array(
+					'class' => true,
+				),
+			)
+		);
 	}
 
 endif;