Pledge Form: Allow HTML within descriptions.

Fixes #63

plugins/wporg-5ftf/includes/pledge-meta.php

@@ -36,9 +36,9 @@ function get_pledge_meta_config( $context = 'all' ) {
 	$user_input = array(
 		'org-description'  => array(
 			'single'            => true,
-			'sanitize_callback' => 'sanitize_text_field',
+			'sanitize_callback' => __NAMESPACE__ . '\sanitize_description',
 			'show_in_rest'      => true,
-			'php_filter'        => FILTER_SANITIZE_STRING,
+			'php_filter'        => FILTER_UNSAFE_RAW,
 		),
 		'org-name'         => array(
 			'single'            => true,
@@ -93,6 +93,21 @@ function get_pledge_meta_config( $context = 'all' ) {
 	return $return;
 }
 
+/**
+ * Sanitize description fields.
+ *
+ * @param string $insecure
+ *
+ * @return string
+ */
+function sanitize_description( $insecure ) {
+	$secure = wp_kses_data( $insecure );
+	$secure = wpautop( $secure );
+	$secure = wp_unslash( wp_rel_nofollow( $secure ) );
+
+	return $secure;
+}
+
 /**
  * Register post meta keys for the custom post type.
  *

themes/wporg-5ftf/single-5ftf_pledge.php

@@ -49,7 +49,7 @@ get_header(); ?>
 				<h2><?php esc_html_e( 'About', 'wporg' ); ?></h2>
 
 				<div class="pledge-company-description">
-					<?php echo wp_kses_post( wpautop( $post->{ META_PREFIX . 'org-description' } ) ); ?>
+					<?php echo wp_kses_data( wpautop( $post->{ META_PREFIX . 'org-description' } ) ); ?>
 				</div>
 
 				<?php if ( ! empty( $contributors ) ) : ?>

themes/wporg-5ftf/template-parts/content-5ftf_pledge.php

@@ -53,7 +53,7 @@ $contributor_title = sprintf(
 
 	<div class="entry-content">
 		<?php
-			echo wp_kses_post( $content );
+			echo wpautop( wp_kses_data( $content ) );
 		?>
 		
 		<div class="pledge-contributors">