From 987265aa456387f4e536c96e598f9dfea20e79f9 Mon Sep 17 00:00:00 2001
From: Daniel Richards <daniel.richards@automattic.com>
Date: Wed, 24 Jan 2024 01:51:08 +0800
Subject: [PATCH] Update block bindings to use wp_kses_post for block content
 (#58055)

---
 lib/experimental/block-bindings/class-wp-block-bindings.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/experimental/block-bindings/class-wp-block-bindings.php b/lib/experimental/block-bindings/class-wp-block-bindings.php
index 7eb443dd367a6..fedc652688a24 100644
--- a/lib/experimental/block-bindings/class-wp-block-bindings.php
+++ b/lib/experimental/block-bindings/class-wp-block-bindings.php
@@ -101,7 +101,7 @@ public function replace_html( $block_content, $block_name, $block_attr, $source_
 						foreach ( $selector_attribute_names as $name ) {
 							$selector_attrs[ $name ] = $block_reader->get_attribute( $name );
 						}
-						$selector_markup = "<$selector>" . esc_html( $source_value ) . "</$selector>";
+						$selector_markup = "<$selector>" . wp_kses_post( $source_value ) . "</$selector>";
 						$amended_content = new WP_HTML_Tag_Processor( $selector_markup );
 						$amended_content->next_tag();
 						foreach ( $selector_attrs as $attribute_key => $attribute_value ) {