Using late escaping principles, it would make sense to me that if HTML is being stored in messages that each output target would be responsible for its own escaping, so we could use wp_kses to define the subset of HTML that is supported in the admin, while CLI strips all tags.
Followup from https://github.com/WordPress/plugin-check/issues/312
Currently we dont allow HTML tags in messages.
Opinions:
Originally posted by @joemcgill in https://github.com/WordPress/plugin-check/issues/312#issuecomment-1864730259
Originally posted by @felixarntz in https://github.com/WordPress/plugin-check/issues/312#issuecomment-1864803007
We need to finalize the Acceptance Criteria including list of tags those should be allowed.