I realized that I had an incorrect understanding of user privileges.
updated emulsion today β About sanitizing custom HTML blocks and confirmed that it was sanitized successfully. I added a comment, but something didn’t make sense and I was confused.
My understanding was that “unfiltered_html only applies to administrators”.
When I actually looked into it again, it turned out to be a mistake.
Multi-site super administrator (Super Admin) has “unfiltered_html permission enabled”
However, the multisite editor (Editor) has “unfiltered_html permission disabled”
Single site administrator (Administrator) has “unfiltered_html permission enabled”
Editor also has “unfiltered_html permission enabled”
When I got there, I happened to “retest with contributor privileges” and the problem was resolved.
I am reflecting on the appropriate understanding and results of appropriate tests.
So, although it’s not something I should write because I’m doing something like this, I’d like to leave a note about single site permissions.
Below is the admin panel menu displayed for each permission in the emulsion theme.
If you do not have administrator privileges, the menu to open the site editor will not be displayed.
There is also no link to customize in the admin bar.
Administrators and editors can write style and script tags without restrictions in custom HTML blocks.
With this incident, it has become clear that the HTML restriction function based on WordPress permissions is working properly.
I think it will be very useful if you are unable to write advanced HTML due to the functionality of the block editor, so please give it a try.
