KevinBatdorf / code-block-pro

A Gutenberg code block with syntax highlighting powered by VS Code
https://code-block-pro.com

`The unfiltered_html capability` Error, even though I have admin role #192

Closed TGoddessana closed 1 year ago

TGoddessana commented 1 year ago

First, thank you for developing this great plugin. I'm glad I discovered it recently.

However, I'm getting an error while using this. When I add the code block at the beginning, as shown below, it adds fine.

Screenshot 2023-05-09 6 30 01 AM

However, when I save this post as a draft and try to edit it again, I get an error message like the one below.

Screenshot 2023-05-09 6 33 04 AM

I'm the only user on my site, so it's pretty self-explanatory that I'm the admin. As you can see below, I have the admin role.

Screenshot 2023-05-09 6 34 34 AM

This happened out of the blue, and it's very disconcerting. What can I do to fix it? (For the record, I'm not using multisite).

KevinBatdorf commented 1 year ago

Hey, thanks for reporting this. Do you know how to check the browser console? Can you type in the console:

```js
window.codeBlockPro
```

And share the output? It should look like this:

Screen Shot 2023-05-09 at 3 37 09 PM

If it says false for the canSaveHtml then the server check for current_user_can('unfiltered_html') is returning false. I don't know why it would return false, but I can investigate more if that's the case.

If it's returning null or undefined, then something is wrong with the WP installation.

Can you also try changing to English, just to see if that changes anything?

TGoddessana commented 1 year ago

Sure. There are two cases:

  1. when I first create code block pro: image
  2. save the post to draft, and reload the editor (F5): image

The "canSaveHtml" key has disappeared..

TGoddessana commented 1 year ago

image

also changed the language to English, and same.

KevinBatdorf commented 1 year ago

Can you try the typical debugging routine and disable all other plugins? The only thing I can think of is another plugin has some sort of filter running.

Can you also switch to a default theme? Just to test.

Otherwise I can't really understand why or how that would happen. I'd like to help debug though.
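
A way to test the "another plugin has a filter running" hypothesis without toggling plugins one by one, as an added example that is not part of the original thread or of Code Block Pro: a must-use plugin that logs how `unfiltered_html` resolves for the current admin and which callbacks are hooked on the two core capability filters. The file name and the `tuh_` prefix are assumptions.

```php
<?php
/**
 * Added diagnostic example, not Code Block Pro code. Save as a must-use plugin,
 * e.g. wp-content/mu-plugins/trace-unfiltered-html.php (hypothetical file name).
 * It only writes to the PHP error log; remove it once the conflict is found.
 */

// Name a hooked callback and the file that defines it, so the owning plugin is visible.
function tuh_describe_callback($callback): string {
    try {
        if (is_string($callback) && strpos($callback, '::') !== false) {
            $callback = explode('::', $callback, 2);
        }
        if (is_array($callback)) {
            $ref = new ReflectionMethod($callback[0], $callback[1]);
        } elseif (is_object($callback) && !($callback instanceof Closure)) {
            $ref = new ReflectionMethod($callback, '__invoke');
        } else {
            $ref = new ReflectionFunction($callback);
        }
        return $ref->getName() . ' @ ' . $ref->getFileName() . ':' . $ref->getStartLine();
    } catch (Throwable $e) {
        return 'unresolvable callback';
    }
}

// Run last on admin_init so filters registered while plugins and themes load are in place.
add_action('admin_init', function () {
    if (!current_user_can('manage_options')) {
        return; // trace administrators only
    }
    $user   = wp_get_current_user();
    $report = [
        // Final answer after all filters: the value the page's server check relies on.
        'current_user_can'  => current_user_can('unfiltered_html'),
        // Grant from the user's roles, read before the user_has_cap filter runs.
        'granted_by_role'   => !empty($user->allcaps['unfiltered_html']),
        // Core maps this to do_not_allow when DISALLOW_UNFILTERED_HTML is set or,
        // on multisite, for non-super-admins; a map_meta_cap filter can do the same.
        'mapped_to'         => map_meta_cap('unfiltered_html', $user->ID),
        'disallow_constant' => defined('DISALLOW_UNFILTERED_HTML') && DISALLOW_UNFILTERED_HTML,
        'is_multisite'      => is_multisite(),
        'hooks'             => [],
    ];

    global $wp_filter;
    foreach (['map_meta_cap', 'user_has_cap'] as $hook) {
        if (empty($wp_filter[$hook])) {
            continue; // nothing hooked on this filter
        }
        foreach ($wp_filter[$hook]->callbacks as $priority => $callbacks) {
            foreach ($callbacks as $entry) {
                $report['hooks'][$hook][] = $priority . ': ' . tuh_describe_callback($entry['function']);
            }
        }
    }
    error_log('[unfiltered_html trace] ' . wp_json_encode($report));
}, PHP_INT_MAX);
```

If `granted_by_role` is true while `current_user_can` is false, the denial comes from a filter or constant rather than from the role, and the `hooks` list names the files to inspect.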

TGoddessana commented 1 year ago

SURE, this is all list of my WP Plugins. image

AND OMG.. this works. image

Do any of the plugins I use have any predictors as to which ones are likely to have an impact? If not, I'll try to turn them on one by one and test them out.

TGoddessana commented 1 year ago

@KevinBatdorf the reason was Yoast SEO plugin. What more can we do to help you debug?

KevinBatdorf commented 1 year ago

Interesting. Great find! That's a popular plugin of course so I would think someone else would have reported the issue if it's common, which makes me think it's a custom setting you have in Yoast?

I'll install Yoast and see if I can reproduce it. If I can reproduce it I should be able to fix it.

TGoddessana commented 1 year ago

I'm intrigued, too. Actually, I think I just installed the plugin, but didn't set any other details... (if I remember correctly, lol)

anyway, this is all setting file from YoastSEO plugin export.

KevinBatdorf commented 1 year ago

I tried importing those settings and nothing changed for me.

Some more things maybe related:

If you want to solve it with a workaround and move on, something like this should work:

```php
// put inside functions.php or elsewhere php can run (mu-plugin, etc.)
add_action('admin_init', function () {
    wp_add_inline_script('kevinbatdorf-code-block-pro-editor-script', 'window.codeBlockPro.canSaveHtml = true;');
}, 100);
```

This would allow anyone to edit, but if you have unfiltered_html blocked for a specific user (hopefully Yoast isn't causing this for your admin account), it will strip out a lot of the HTML before saving and look broken on the frontend.

TGoddessana commented 1 year ago

  1. no, I have a single WP site.. (Just out of curiosity, I assume this picture refers to a single site, right?)

    image
  2. I deleted it and the same.

  3. I have a problem with host login, so I did that in JavaScript and it worked (

    Screenshot 2023-05-12 9 59 57 PM

Just out of curiosity, I deleted the yoast seo plugin and installed and ran another seo plugin (all in seo) and the same thing happened. My guess is that there is something that all SEO related plugins touch in common.

KevinBatdorf commented 1 year ago

That's so strange. What if you deactivate all plugins except the code block and the SEO plugin? I'm wondering if it's the presence of two plugins conflicting with each other, like an seo plugin and the bluehost plugin.

Just to be thorough can you also try https://wordpress.org/plugins/autodescription/ ?

TGoddessana commented 1 year ago

sure, i tried this plugins: image

and it works. image

I just tested it one by one, and found that the problem was reproduced when I activated two plugins: the AVADA BUILDER plugin and the YOAST SEO plugin.

So, to summarize,

"The problem occurs when the YOAST SEO plugin and the AVADA BUILDER plugin are active at the same time"

seems to be the case.

so this works,too. image

KevinBatdorf commented 1 year ago

That's a premium plugin right? You might want to contact their support and share this conversation with them. If they have a conflict with Yoast that breaks functionality in other plugins, they'd (hopefully) want to fix that.

But for your site, did you try the filter I recommended? Did that resolve it?

TGoddessana commented 1 year ago

i tried this: image

and still doesn't work.

and tried this also.. doesn't work image

bruh.

KevinBatdorf commented 1 year ago

They must be doing something to remove it. Another option is to add the JavaScript code to a file that you load on the admin.

There may be a plugin for adding JS like that. I'm afk today but can give better instructions tomorrow if you don't figure it out.

```js
window.codeBlockPro.canSaveHtml = true;
```

Even if you type that directly in the browser console it will unlock it. You'd have to trigger state update though (add a new block, open the sidebar, etc.)

TGoddessana commented 1 year ago

thanks for helping me. i'll try for it. :)

KevinBatdorf commented 1 year ago

If it's still not working let me know and I'll help debug some more. Will close the issue for now though otherwise

karstengresch commented 1 year ago

I wonder why this capability is needed at all???

KevinBatdorf commented 1 year ago

It's needed because of the svg copy button and header svg decorations.

karstengresch commented 1 year ago

Thanks @KevinBatdorf! For blogs with multiple editors it'd be great if the SVG could be replaced by something more "old-fashioned" in favor of more security... I'd love to file a separate issue unless you disapprove it from the beginning here :)

Anyway - happy user, if you run it for your own blog, it rocks, it's just the best I found after years of research (honestly)!

KevinBatdorf commented 1 year ago

Yeah that makes sense to me. I'll rethink the current implementation and figure out a better approach.