Update class-admin.php

Author: Mukesh Kumar

src/contact-form/class-admin.php

@@ -241,7 +241,7 @@ public function get_csv_export_section() {
 				<div class="export-card__body-cta">
 					<?php
 					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- we're literally building all this html to output it
-					echo $button_csv_html;
+					// Allow expected HTML but strip unsafe tags: echo wp_kses_post( $button_csv_html );
 					// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- we're literally building all this html to output it
 					echo wp_nonce_field( 'feedback_export', $this->export_nonce_field_csv, false, false );
 					?>