diff --git a/apply.html b/apply.html
index 3f11d06..60958cc 100644
--- a/apply.html
+++ b/apply.html
@@ -130,45 +130,7 @@
     </style>
   </head>
   <body>
-    <button class="theme-toggle" id="themeToggle" aria-label="Toggle theme">
-      <svg
-        class="sun-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <circle cx="12" cy="12" r="5"></circle>
-        <line x1="12" y1="1" x2="12" y2="3"></line>
-        <line x1="12" y1="21" x2="12" y2="23"></line>
-        <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
-        <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
-        <line x1="1" y1="12" x2="3" y2="12"></line>
-        <line x1="21" y1="12" x2="23" y2="12"></line>
-        <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
-        <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
-      </svg>
-      <svg
-        class="moon-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path>
-      </svg>
-    </button>
-
+    <!-- theme-toggle button is injected by theme.js -->
     <div class="apply-container">
       <a href="index.html" class="back-link">← Back to Home</a>
 
diff --git a/brand.html b/brand.html
index f60fcc6..01216a1 100644
--- a/brand.html
+++ b/brand.html
@@ -76,44 +76,7 @@
     </style>
   </head>
   <body>
-    <button class="theme-toggle" id="themeToggle" aria-label="Toggle theme">
-      <svg
-        class="sun-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <circle cx="12" cy="12" r="5"></circle>
-        <line x1="12" y1="1" x2="12" y2="3"></line>
-        <line x1="12" y1="21" x2="12" y2="23"></line>
-        <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
-        <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
-        <line x1="1" y1="12" x2="3" y2="12"></line>
-        <line x1="21" y1="12" x2="23" y2="12"></line>
-        <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
-        <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
-      </svg>
-      <svg
-        class="moon-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path>
-      </svg>
-    </button>
+    <!-- theme-toggle button is injected by theme.js -->
     <div class="container single-column">
       <div style="margin-bottom: 12px">
         <a href="index.html" class="back-link">← Back to Home</a>
@@ -319,6 +282,8 @@ <h3>Licensing & permissions</h3>
           .replace(/>/g, "&gt;");
       }
       function highlightHtml(s) {
+        // Input is always the output of makeHtml() — a bounded, machine-generated
+        // string, never free user input — so ReDoS is not a concern here.
         let escaped = escapeHtml(s);
         escaped = escaped.replace(
           /("[^"]*")/g,
@@ -328,8 +293,9 @@ <h3>Licensing & permissions</h3>
           /([a-zA-Z-:]+)(=)/g,
           '<span class="token-attr">$1</span>$2',
         );
+        // Use greedy [^&]* (not lazy) — no nested quantifiers, no backtracking risk.
         escaped = escaped.replace(
-          /(&lt;\/?[a-zA-Z0-9-]+)([^&]*?)(&gt;)/g,
+          /(&lt;\/?[a-zA-Z0-9-]+)([^&]*)(&gt;)/g,
           '<span class="token-tag">$1</span>$2<span class="token-tag">$3</span>',
         );
         return escaped;
diff --git a/donate.html b/donate.html
index 002ec9c..e563639 100644
--- a/donate.html
+++ b/donate.html
@@ -191,45 +191,7 @@
     </style>
   </head>
   <body>
-    <button class="theme-toggle" id="themeToggle" aria-label="Toggle theme">
-      <svg
-        class="sun-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <circle cx="12" cy="12" r="5"></circle>
-        <line x1="12" y1="1" x2="12" y2="3"></line>
-        <line x1="12" y1="21" x2="12" y2="23"></line>
-        <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
-        <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
-        <line x1="1" y1="12" x2="3" y2="12"></line>
-        <line x1="21" y1="12" x2="23" y2="12"></line>
-        <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
-        <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
-      </svg>
-      <svg
-        class="moon-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path>
-      </svg>
-    </button>
-
+    <!-- theme-toggle button is injected by theme.js -->
     <div class="apply-container">
       <a href="index.html" class="back-link">← Back to Home</a>
 
diff --git a/index.html b/index.html
index b7d2ed9..59954af 100644
--- a/index.html
+++ b/index.html
@@ -25,44 +25,7 @@
     <noscript>
       <p class="noscript-notice">JavaScript is required to use this site.</p>
     </noscript>
-    <button class="theme-toggle" id="themeToggle" aria-label="Toggle theme">
-      <svg
-        class="sun-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <circle cx="12" cy="12" r="5"></circle>
-        <line x1="12" y1="1" x2="12" y2="3"></line>
-        <line x1="12" y1="21" x2="12" y2="23"></line>
-        <line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>
-        <line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>
-        <line x1="1" y1="12" x2="3" y2="12"></line>
-        <line x1="21" y1="12" x2="23" y2="12"></line>
-        <line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>
-        <line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>
-      </svg>
-      <svg
-        class="moon-icon"
-        xmlns="http://www.w3.org/2000/svg"
-        width="24"
-        height="24"
-        viewBox="0 0 24 24"
-        fill="none"
-        stroke="currentColor"
-        stroke-width="2"
-        stroke-linecap="round"
-        stroke-linejoin="round"
-      >
-        <path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path>
-      </svg>
-    </button>
+    <!-- theme-toggle button is injected by theme.js -->
     <div class="container">
       <div class="left-section">
         <div class="profile">
diff --git a/theme.js b/theme.js
index cedabf8..f563519 100644
--- a/theme.js
+++ b/theme.js
@@ -1,5 +1,5 @@
 // Simple theme initialization and toggle handling.
-// Sets html[data-theme] on load and wires #themeToggle click.
+// Sets html[data-theme] on load, injects #themeToggle if absent, and wires click.
 (function(){
   const html = document.documentElement;
 
@@ -29,13 +29,43 @@
     return next;
   }
 
+  // Inject the shared theme-toggle button into <body> so pages don't each need
+  // to duplicate the markup.  Any page that already contains #themeToggle keeps
+  // its own element unchanged.  Called only from init(), which itself only runs
+  // once the DOM is ready, so document.body is always available at this point.
+  function injectThemeToggleButton(){
+    if (!document.body) return null;
+    const btn = document.createElement('button');
+    btn.className = 'theme-toggle';
+    btn.id = 'themeToggle';
+    btn.setAttribute('aria-label', 'Toggle theme');
+    btn.innerHTML =
+      '<svg class="sun-icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">' +
+        '<circle cx="12" cy="12" r="5"></circle>' +
+        '<line x1="12" y1="1" x2="12" y2="3"></line>' +
+        '<line x1="12" y1="21" x2="12" y2="23"></line>' +
+        '<line x1="4.22" y1="4.22" x2="5.64" y2="5.64"></line>' +
+        '<line x1="18.36" y1="18.36" x2="19.78" y2="19.78"></line>' +
+        '<line x1="1" y1="12" x2="3" y2="12"></line>' +
+        '<line x1="21" y1="12" x2="23" y2="12"></line>' +
+        '<line x1="4.22" y1="19.78" x2="5.64" y2="18.36"></line>' +
+        '<line x1="18.36" y1="5.64" x2="19.78" y2="4.22"></line>' +
+      '</svg>' +
+      '<svg class="moon-icon" xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">' +
+        '<path d="M21 12.79A9 9 0 1 1 11.21 3 7 7 0 0 0 21 12.79z"></path>' +
+      '</svg>';
+    document.body.appendChild(btn);
+    return btn;
+  }
+
   function init(){
     const saved = getSavedTheme();
     const theme = saved || detectSystem();
     applyTheme(theme);
     if (!saved) saveTheme(theme);
 
-    const btn = document.getElementById('themeToggle');
+    let btn = document.getElementById('themeToggle');
+    if (!btn) btn = injectThemeToggleButton();
     if (btn) btn.addEventListener('click', toggleTheme);
   }