diff --git a/README.md b/README.md
index 64c35940..988698e5 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@ - +
diff --git a/_pages/coffa/assets/js/blob-stream.js b/_pages/coffa/assets/js/blob-stream.js
index 2bbfee26..d2e1a9e7 100644
--- a/_pages/coffa/assets/js/blob-stream.js
+++ b/_pages/coffa/assets/js/blob-stream.js
@@ -1116,7 +1116,7 @@ Buffer._augment = function (arr) {
 return arr
 }
-var INVALID_BASE64_RE = /[^+\/0-9A-z]/g
+var INVALID_BASE64_RE = /[^+\/0-9A-Za-z]/g
 function base64clean (str) {
 // Node strips out invalid characters like \n and \t from the string, base64-js does not
diff --git a/_pages/payment-accuracy/assets/js/blob-stream.js b/_pages/payment-accuracy/assets/js/blob-stream.js
index 2bbfee26..d2e1a9e7 100644
--- a/_pages/payment-accuracy/assets/js/blob-stream.js
+++ b/_pages/payment-accuracy/assets/js/blob-stream.js
@@ -1116,7 +1116,7 @@ Buffer._augment = function (arr) {
 return arr
 }
-var INVALID_BASE64_RE = /[^+\/0-9A-z]/g
+var INVALID_BASE64_RE = /[^+\/0-9A-Za-z]/g
 function base64clean (str) {
 // Node strips out invalid characters like \n and \t from the string, base64-js does not
diff --git a/_pages/payment-accuracy/assets/js/magnific-popup.js b/_pages/payment-accuracy/assets/js/magnific-popup.js
index dd6f751c..f8ca0db8 100644
--- a/_pages/payment-accuracy/assets/js/magnific-popup.js
+++ b/_pages/payment-accuracy/assets/js/magnific-popup.js
@@ -89,7 +89,7 @@
 },
 _getCloseBtn = function(type) {
 if(type !== _currPopupType || !mfp.currTemplate.closeBtn) {
- mfp.currTemplate.closeBtn = $( mfp.st.closeMarkup.replace('%title%', mfp.st.tClose ) );
+ mfp.currTemplate.closeBtn = $( mfp.st.closeMarkup.replace('%title%', mfp.st.tClose) );
 _currPopupType = type;
 }
 return mfp.currTemplate.closeBtn;
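Review bot: The corrected character class in `INVALID_BASE64_RE` also changes which input counts as valid: the old `A-z` range covered `[`, `\`, `]`, `^`, `_` and the backtick as well as letters, so a base64url-style value containing `_` used to pass this regex and now matches as invalid; whether any caller fed such input through `base64clean` is not visible here. The identical one-line fix is applied to the two other vendored copies of this bundle (`_pages/payment-accuracy/assets/js/blob-stream.js` further along this line and `assets/js/blob-stream.js` later in the diff), so three copies now have to be kept in step by hand. A short comment on the new line would record the intent: `// letters only: the former A-z range also admitted [ \ ] ^ _ and backtick`. The `base64clean` body that applies this regex continues outside the hunk.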
@@ -353,7 +353,7 @@
 $('html').css(windowStyles);
 // add everything to DOM
- mfp.bgOverlay.add(mfp.wrap).prependTo( mfp.st.prependTo || $(document.body) );
+ mfp.bgOverlay.add(mfp.wrap).prependTo( mfp.st.prependTo ? $(document).find(mfp.st.prependTo) : $(document.body) );
 // Save last focused element
 mfp._lastFocusedEl = document.activeElement;
@@ -506,7 +506,10 @@
 _mfpTrigger('FirstMarkupParse', markup);
 if(markup) {
- mfp.currTemplate[type] = $(markup);
+ var parser = new DOMParser();
+ var doc = parser.parseFromString(markup, 'text/html');
+ var sanitizedMarkup = doc.body.textContent || "";
+ mfp.currTemplate[type] = $(sanitizedMarkup);
 } else {
 // if there is no markup found we just define that template is parsed
 mfp.currTemplate[type] = true;
@@ -1857,4 +1860,4 @@
 });
 /*>>retina*/
- _checkInstance(); }));
\ No newline at end of file
+ _checkInstance(); }));
diff --git a/_pages/payment-accuracy/assets/js/slick.js b/_pages/payment-accuracy/assets/js/slick.js
index 983dd27d..e6338068 100644
--- a/_pages/payment-accuracy/assets/js/slick.js
+++ b/_pages/payment-accuracy/assets/js/slick.js
@@ -14,18 +14,18 @@
 Issues: http://github.com/kenwheeler/slick/issues
 */
-/* global window, document, define, jQuery, setInterval, clearInterval */
+/* global window, document, define, jQuery, setInterval, clearInterval, DOMPurify */
 (function (factory) {
 'use strict';
 if (typeof define === 'function' && define.amd) {
- define(['jquery'], factory);
+ define(['jquery', 'dompurify'], factory);
 } else if (typeof exports !== 'undefined') {
- module.exports = factory(require('jquery'));
+ module.exports = factory(require('jquery'), require('dompurify'));
 } else {
- factory(jQuery);
+ factory(jQuery, DOMPurify);
 }
-}(function ($) {
+}(function ($, DOMPurify) {
 'use strict';
 var Slick = window.Slick || {};
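Review bot: `$(document).find(mfp.st.prependTo)` returns an empty set when the option is a selector with no match, and `.prependTo()` on an empty target attaches the overlay and wrap nowhere, so the popup never appears and nothing reports why; the old expression at least handed the raw option to jQuery. Keep the body as the fallback for that case: `var target = mfp.st.prependTo ? $(document).find(mfp.st.prependTo) : $();` followed by `mfp.bgOverlay.add(mfp.wrap).prependTo(target.length ? target : $(document.body));`. The other copy of this file (`assets/js/magnific-popup.js`, hunk at 353) writes the same lookup as a `var`/`if` block and has the same gap; the two copies should use one form. The enclosing function starts and ends outside the hunk.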
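Review bot: `doc.body.textContent` discards every element of the parsed template, so `sanitizedMarkup` holds only the template's text (empty or whitespace for a tags-only template) and `$(sanitizedMarkup)` then takes jQuery's selector path instead of building elements; `mfp.currTemplate[type]` ends up as an empty set and that popup type has no markup to render. Judging by the `FirstMarkupParse` trigger just above, `markup` is presumably the per-type template from the options object rather than page content, so the input being guarded against is not visible here; if the aim is only to stop `$()` from treating a string that does not start with `<` as a selector, `mfp.currTemplate[type] = $($.parseHTML(markup, document, false));` keeps the elements and drops script elements, and it is also the form the other copy (`assets/js/magnific-popup.js`, hunk at 506) uses. The enclosing function starts and ends outside the hunk.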
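Review bot: In the global branch, `factory(jQuery, DOMPurify)` evaluates the bare identifier `DOMPurify`, which throws a ReferenceError and aborts the whole plugin when `dompurify` is not loaded before this script; nothing in the diff shows the page's script order or a bundler, so that requirement should be stated. Either record it next to the `/* global */` directive (`// requires dompurify to be loaded before this file`) or degrade instead of failing: `factory(jQuery, typeof DOMPurify !== 'undefined' ? DOMPurify : null);` with the `sanitize` call sites tolerating `null`. The other copy (`assets/js/slick.js`) loads DOMPurify by a different route (`import` plus `require`), so the two files no longer share one loading contract.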
@@ -1459,7 +1459,7 @@
 $('img[data-lazy]', imagesScope).each(function () {
 var image = $(this),
- imageSource = $(this).attr('data-lazy'),
+ imageSource = DOMPurify.sanitize($(this).attr('data-lazy')),
 imageToLoad = document.createElement('img');
 imageToLoad.onload = function () {
@@ -1467,7 +1467,7 @@
 image
 .animate({ opacity: 0 }, 100, function () {
 image
- .attr('src', imageSource)
+ .attr('src', encodeURI(imageSource))
 .animate({ opacity: 1 }, 200, function () {
 image
 .removeAttr('data-lazy')
@@ -1489,7 +1489,7 @@
 };
- imageToLoad.src = imageSource;
+ imageToLoad.src = encodeURI(imageSource);
 });
@@ -1639,6 +1639,12 @@
 tryCount = tryCount || 1;
+ function sanitizeUrl(url) {
+ var a = document.createElement('a');
+ a.href = encodeURI(url);
+ return a.href;
+ }
+
 var _ = this,
 $imgsToLoad = $('img[data-lazy]', _.$slider),
 image,
@@ -1648,7 +1654,7 @@
 if ($imgsToLoad.length) {
 image = $imgsToLoad.first();
- imageSource = image.attr('data-lazy');
+ imageSource = sanitizeUrl(image.attr('data-lazy'));
 imageToLoad = document.createElement('img');
 imageToLoad.onload = function () {
@@ -2891,4 +2897,4 @@
 return _;
 };
-}));
\ No newline at end of file
+}));
diff --git a/assets/js/blob-stream.js b/assets/js/blob-stream.js
index 2bbfee26..d2e1a9e7 100644
--- a/assets/js/blob-stream.js
+++ b/assets/js/blob-stream.js
@@ -1116,7 +1116,7 @@ Buffer._augment = function (arr) {
 return arr
 }
-var INVALID_BASE64_RE = /[^+\/0-9A-z]/g
+var INVALID_BASE64_RE = /[^+\/0-9A-Za-z]/g
 function base64clean (str) {
 // Node strips out invalid characters like \n and \t from the string, base64-js does not
diff --git a/assets/js/magnific-popup.js b/assets/js/magnific-popup.js
index dd6f751c..72a1a8af 100644
--- a/assets/js/magnific-popup.js
+++ b/assets/js/magnific-popup.js
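Review bot: `DOMPurify.sanitize($(this).attr('data-lazy'))` runs an HTML sanitiser over a URL string and returns it re-serialised as HTML, so a bare `&` in a query string (`?w=300&h=200`) is expected to come back as `&amp;` and the image request then goes to a different URL than the one in the attribute; it also says nothing about the URL's scheme, which is the property that matters for an `img` `src`. The same call appears at 1461 and 1650 of `assets/js/slick.js`. For a URL the meaningful check is on the parsed value, e.g. `var a = document.createElement('a'); a.href = raw;` followed by `if (!/^(https?|data|blob):$/.test(a.protocol)) { raw = ''; }`, which is the shape of `sanitizeUrl` in the hunk at 1639 minus its `encodeURI`. The `each()` callback starts and ends outside the hunk.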
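Review bot: `encodeURI(imageSource)` at 1467 and 1489 (and inside `sanitizeUrl` at 1639, and at 1697 of `assets/js/slick.js`) re-encodes any `%` already in the value, so a `data-lazy` URL that is already percent-encoded (`%20`, `%2F`) is double-encoded and the image request fails; `encodeURI` also leaves the scheme untouched, so it is not a safety check. The lazy-load path at 1459 assigns the `DOMPurify.sanitize` result and never calls `sanitizeUrl`, while the progressive path at 1654 calls `sanitizeUrl` and not DOMPurify, so the two paths now accept different inputs. One helper used on both paths, resolving the URL and checking its scheme once with no re-encoding, would be clearer; a rejected value returned as `''` would presumably go down the existing `onerror` path, which lies outside the hunk, as does the start and end of the function that defines `sanitizeUrl`.
```javascript
    function sanitizeUrl(url) {
        var a = document.createElement('a');
        a.href = url; // resolve against the document; do not re-encode an already-encoded value
        // Allow only schemes an <img> is expected to load here (constructed list - confirm
        // against the site's actual lazy-loaded image sources); anything else becomes ''.
        if (!/^(https?|data|blob):$/.test(a.protocol)) {
            return '';
        }
        return a.href;
    }
    // … unchanged: var _ = this, $imgsToLoad, image, …
```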
@@ -353,7 +353,11 @@
 $('html').css(windowStyles);
 // add everything to DOM
- mfp.bgOverlay.add(mfp.wrap).prependTo( mfp.st.prependTo || $(document.body) );
+ var prependToElement = $(document.body);
+ if (mfp.st.prependTo) {
+ prependToElement = $(document).find(mfp.st.prependTo);
+ }
+ mfp.bgOverlay.add(mfp.wrap).prependTo(prependToElement);
 // Save last focused element
 mfp._lastFocusedEl = document.activeElement;
@@ -506,7 +510,8 @@
 _mfpTrigger('FirstMarkupParse', markup);
 if(markup) {
- mfp.currTemplate[type] = $(markup);
+ var sanitizedMarkup = $.parseHTML(markup);
+ mfp.currTemplate[type] = $(sanitizedMarkup);
 } else {
 // if there is no markup found we just define that template is parsed
 mfp.currTemplate[type] = true;
@@ -1857,4 +1862,4 @@
 });
 /*>>retina*/
- _checkInstance(); }));
\ No newline at end of file
+ _checkInstance(); }));
diff --git a/assets/js/slick.js b/assets/js/slick.js
index 983dd27d..42c7af6a 100644
--- a/assets/js/slick.js
+++ b/assets/js/slick.js
@@ -15,6 +15,7 @@
 */
 /* global window, document, define, jQuery, setInterval, clearInterval */
+import DOMPurify from 'dompurify';
 (function (factory) {
 'use strict';
 if (typeof define === 'function' && define.amd) {
@@ -28,6 +29,7 @@
 }(function ($) {
 'use strict';
 var Slick = window.Slick || {};
+ var DOMPurify = require('dompurify');
 Slick = (function () {
@@ -1459,7 +1461,7 @@
 $('img[data-lazy]', imagesScope).each(function () {
 var image = $(this),
- imageSource = $(this).attr('data-lazy'),
+ imageSource = DOMPurify.sanitize($(this).attr('data-lazy')),
 imageToLoad = document.createElement('img');
 imageToLoad.onload = function () {
@@ -1648,7 +1650,7 @@
 if ($imgsToLoad.length) {
 image = $imgsToLoad.first();
- imageSource = image.attr('data-lazy');
+ imageSource = DOMPurify.sanitize(image.attr('data-lazy'));
 imageToLoad = document.createElement('img');
 imageToLoad.onload = function () {
@@ -1695,7 +1697,7 @@
 };
- imageToLoad.src = imageSource;
+ imageToLoad.src = encodeURI(imageSource);
 } else {
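Review bot: `$.parseHTML(markup)` is not a sanitiser: with the default `keepScripts` it drops `<script>` elements but keeps inline handler attributes, so the name `sanitizedMarkup` promises more than the call delivers, and as far as this hunk shows the behavioural difference from `$(markup)` is that script elements are dropped and a template string not starting with `<` is parsed as HTML instead of being used as a selector. Rename and comment to say what it does: `var parsed = $.parseHTML(markup, document, false); // parse as HTML only (never as a selector); script elements dropped` followed by `mfp.currTemplate[type] = $(parsed);`. The other copy (`_pages/payment-accuracy/assets/js/magnific-popup.js`, hunk at 506) instead reduces the template to `textContent`, which removes its elements; the two copies should settle on this form. The enclosing function starts and ends outside the hunk.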
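Review bot: `import DOMPurify from 'dompurify';` at the top of the file (hunk at 15) turns it into an ES module, which a plain `<script src>` tag rejects with a syntax error, and `var DOMPurify = require('dompurify');` inside the factory (hunk at 28) throws a ReferenceError in a browser with no bundler; the two lines also contradict each other (the inner `var` shadows the import within the factory) and the UMD wrapper between them still passes only `jQuery` to the factory. The other copy (`_pages/payment-accuracy/assets/js/slick.js`, hunk at 14) threads DOMPurify through the existing UMD branches (`define(['jquery', 'dompurify'], factory)`, `require('dompurify')` in the CommonJS branch, the `DOMPurify` global otherwise), which is the form this file should use, with both added lines removed. Whether the site loads this file through a bundler is not visible here, but the UMD wrapper that the file keeps suggests it is meant to work without one.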
@@ -2891,4 +2893,4 @@
 return _;
 };
-}));
\ No newline at end of file
+}));