[wp-trac] [WordPress Trac] #64771: Existing block level custom CSS in a post breaks when the post is edited by user without unfiltered_html

WordPress Trac noreply at wordpress.org
Wed Mar 25 09:43:19 UTC 2026 

#64771: Existing block level custom CSS in a post breaks when the post is edited by
user without unfiltered_html
--------------------------------------+---------------------
 Reporter:  glendaviesnz              |       Owner:  (none)
     Type:  defect (bug)              |      Status:  new
 Priority:  high                      |   Milestone:  7.0
Component:  Editor                    |     Version:  trunk
 Severity:  critical                  |  Resolution:
 Keywords:  has-patch has-unit-tests  |     Focuses:
--------------------------------------+---------------------

Comment (by jonsurrell):

 Replying to [comment:42 jorbin]:
 > [There have concerns] about the idea of just adding a notice as it won't
 stop users from potentially breaking a page without the ability to unbreak
 it.

 This is a fair concern, however it's not unique to this situation. If a
 user with `unfiltered_html` creates a post with a custom HTML block with
 CSS and/or JavaScript and another user edits it, the content will be
 mangled. This has long been the case because post content will be filtered
 based on the user saving the post.

 Furthermore, I don't know what a proper solution would look like. One
 could imagine applying filters only to the blocks that were actually
 modified in an edit, but nothing like that exists right now.

 In practice, I believe this situation is uncommon because unprivileged
 users like authors often don't have access to edit posts by more
 privileged users like admins. In my testing, it's necessary to create a
 post as an admin and then change the post author to another user in order
 for them to access and edit it.

 I think the proposed solution (show a warning) is an acceptable solution
 right now. It's better than the custom HTML blocks and strikes a balance
 between respecting capabilities while allowing users to make informed
 decisions.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/64771#comment:45>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list