Post Title: fix special chars

[retrofox]

Description

This commit ensures setting rightly of the title content, escaping and unescaping from special chars.

How has this been tested?

Add special chars in the post title. Save. Check that the chars are not rightly escaped in the front-end.
It's possible to inject javascript from the title of the post:

Checklist:

• My code is tested.
• My code follows the WordPress code style.
• My code follows the accessibility standards.
• My code has proper inline documentation.
• I've included developer documentation if appropriate.
• I've updated all React Native files affected by any refactorings/renamings in this PR. .

[aduth]

See: #19898

I'm not sure about this change. What does it mean "setting rightly"? What issue is this fixing?

It's possible to inject javascript from the title of the post:

In the future, if there's a suspected security issue, I would recommend to follow the reporting process detailed at:

https://github.com/WordPress/gutenberg/blob/master/SECURITY.md

However, in this case, it's entirely intentional that a title can include HTML if the user has the correct permissions to be able to be able to do so.

See also: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html

Users with Administrator or Editor roles are allowed to publish unfiltered HTML in post titles, post content, and comments, and upload HTML files to the media library. WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate.

(Emphasis mine)

---

In #19898, I have recommended to revert this pull request. Would you foresee there being any unintended consequences of a revert?

[retrofox]

Hi, @aduth. Thanks for taking over the issue and giving feedback.

In #19898, I have recommended to revert this pull request. Would you foresee there being any unintended consequences of a revert?

After reading your comments and the more context about this, I think it's logical just reverting the PR. To be honest I think misunderstood the issue and consequently its solution. My bad :-(

We didn't get too much feedback on that moment so we proceeded to merge it. Glad to help with the revert PR, or helping in whatwever we need to go ahead.

[aduth]

No worries @retrofox . If anything, I just wanted to be extra clear what the expectations were, in case there would be any potential breakage from doing a revert. I've got a branch in progress already. There are a few other additional changes to account for, such as #19187. I can ping you when it's ready, in case you can help with the review.