To make the themes more secure, every
echo $something output must be serialized. Nothing wrong with that, this is how it should be.
the_content() outputs everything. You can use
<script> tags in it, which is kind of vulnerable and defeats the purpose of escaping everything else. If we escape it with echo
wp_kses_post(get_the_content) , it no longer can contain iframes and now the native video embedding of Worpdress doesn’t work.
How you deal with this and what is your solution to the problem?