The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: getdave <[email protected]>
Co-authored-by: mikachan <[email protected]>
Co-authored-by: scruffian <[email protected]>
Co-authored-by: talldan <[email protected]>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

I just noticed, I think there's an inconsistency in the PHP frontend code:

• Line 195: $title is sanitized with wp_kses_post() to preserve HTML
• Line 207 (button): Uses esc_html( $title ) - double-escapes the already-sanitized HTML, so <strong> shows as text
• Line 210 (link): Uses $title directly - renders HTML correctly since it's already sanitized

Should we also fix this inconsistency? We could remove esc_html() from line 207 to match line 210, since $title is already sanitized with wp_kses_post().

Size Change: +35 B (0%)

Total Size: 2.54 MB

_{compressed-size-action}

Flaky tests detected in cb33217.
Some tests passed with failed attempts. The failures may not be related to this commit but are still reported for visibility. See the documentation for more information.

🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/19734481992
📝 Reported issues:

• [Flaky Test] All navigation links should default to the body color and submenus and mobile overlay should default to a white background with black text #55304 in /test/e2e/specs/editor/blocks/navigation-colors.spec.js

It is possible to add HTML tags to page names and have them outputted in the editor.

@scruffian safeHTML strips all the nasty stuff out and leaves just formatting and allowed items. It's like wp_kses_* The function is designed to be a lightweight security measure for HTML content in the editor context.

I also noticed this, and my vote would be to remove esc_html() from line 207, as the title is already sanitized. It's a small change so I think it would be fine to include as part of this PR.

@mikachan I think to be safe I'll put it in a followup just so it's easy to isolate if it causes any knock on effects that folks weren't expecting.

@mikachan @scruffian Follow up in #73641