auth0 / wordpress

WordPress Plugin for Auth0 Authentication
https://auth0.com/docs/cms/wordpress
MIT License

Fix error message sanitization #912

Open wilmersondasilva opened 2 months ago

wilmersondasilva commented 2 months ago

Description

After upgrading from 4.6.0 to 4.6.2, the error messages have started to be interpreted as text instead of HTML. For projects that use auth0_verify_email_page, this can break the entire error page. This bug was reported in issue #910.

My solution was to use wp_kses_post instead of just wp_kses to sanitize the error messages. This allows projects to use any HTML tag already allowed in any WordPress post, so it's a safe way to sanitize the error messages.

References

Issue #910

Testing

You can test it by generating authentication errors and checking if the error message is correctly interpreted as HTML instead of text.

Checklist
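The distinction the PR relies on, shown as an added example that is not part of the pull request or of the plugin's code: wp_kses_post() keeps the markup WordPress allows in post content (paragraphs, links, formatting) while still removing script elements, event-handler attributes and non-HTTP link schemes, whereas wp_kses() with a hand-written allowlist only keeps what that list names. The helper names auth0_example_sanitize_error and auth0_example_sanitize_error_strict are hypothetical, the sample messages are constructed, and the file assumes it runs inside a loaded WordPress install (for instance via WP-CLI's `wp eval-file`) so that wp_kses() and wp_kses_post() are defined.

```php
<?php
// Added example, not the plugin's own code. Assumes a loaded WordPress
// environment (e.g. `wp eval-file sanitize-demo.php`) so that wp_kses()
// and wp_kses_post() exist.

// Hypothetical helper mirroring the PR's approach: sanitize an error
// message with the same allowlist WordPress applies to post content.
// Block-level tags and links survive; script, style, on* attributes and
// non-HTTP(S) link schemes are removed.
function auth0_example_sanitize_error( $message ) {
    return wp_kses_post( $message );
}

// Stricter hypothetical variant: an explicit allowlist with only inline
// formatting and links. Anything else, including <p> and <div>, is
// stripped, which is the behaviour that broke the verify-email page.
function auth0_example_sanitize_error_strict( $message ) {
    $allowed = array(
        'a'      => array( 'href' => true, 'title' => true ),
        'strong' => array(),
        'em'     => array(),
        'br'     => array(),
    );
    return wp_kses( $message, $allowed );
}

// Constructed inputs: a legitimate error-page fragment, and a message
// carrying the kinds of markup a sanitizer for user-visible errors must
// neutralise before the page renders it.
$samples = array(
    'legitimate' => '<p>Your email is not verified. '
        . '<a href="https://example.com/resend">Resend the verification email</a>.</p>',
    'untrusted'  => '<p onclick="alert(1)">Unable to log in</p>'
        . '<script>alert(1)</script>'
        . '<a href="javascript:alert(1)">Retry</a>',
);

foreach ( $samples as $label => $html ) {
    echo "== {$label} ==\n";
    echo 'wp_kses_post  : ' . auth0_example_sanitize_error( $html ) . "\n";
    echo 'strict wp_kses: ' . auth0_example_sanitize_error_strict( $html ) . "\n\n";
}
```

For the legitimate sample, wp_kses_post() returns the fragment unchanged while the strict allowlist drops the surrounding `<p>` tags, which is exactly the kind of breakage the PR description reports. For the untrusted sample, both functions drop the `onclick` attribute, remove the `<script>` element (wp_kses keeps the element's text as inert text, so the page shows it but does not execute it) and strip the `javascript:` scheme from the link, so switching to wp_kses_post() widens the allowed markup without reintroducing executable content.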

martin-mith commented 1 month ago

Hello - can we get someone assigned to review the issue? Thank you.