WordPress · glendaviesnz · Dec 20, 2022 · Dec 20, 2022 · Dec 22, 2022 · Dec 23, 2022
@@ -2702,16 +2702,21 @@ public static function remove_insecure_properties( $theme_json ) {
 
 		$theme_json = static::sanitize( $theme_json, $valid_block_names, $valid_element_names );
 
-		$blocks_metadata = static::get_blocks_metadata();
-		$style_nodes     = static::get_style_nodes( $theme_json, $blocks_metadata );
+		$blocks_metadata                 = static::get_blocks_metadata();
+		$style_nodes                     = static::get_style_nodes( $theme_json, $blocks_metadata );
+		$can_user_edit_global_custom_css = apply_filters( 'enable_global_styles_custom_css', current_user_can( 'unfiltered_html' ) );
 
 		foreach ( $style_nodes as $metadata ) {
 			$input = _wp_array_get( $theme_json, $metadata['path'], array() );
 			if ( empty( $input ) ) {
 				continue;
 			}
-
-			$output = static::remove_insecure_styles( $input );
+			// The global styles custom CSS is not sanitized, but can only be edited by default by users with unfiltered_html capability.
+			if ( is_array( $input ) && 'css' === key( $input ) && $can_user_edit_global_custom_css ) {
+				$output = $input;
+			} else {
+				$output = static::remove_insecure_styles( $input );
+			}
 
 			/*
 			 * Get a reference to element name from path.

@@ -13,6 +13,8 @@
  * @return array New block editor settings.
  */
 function gutenberg_get_block_editor_settings_6_2( $settings ) {
+	$can_user_edit_global_custom_css = apply_filters( 'enable_global_styles_custom_css', current_user_can( 'unfiltered_html' ) );
-	$can_user_edit_global_custom_css = apply_filters( 'enable_global_styles_custom_css', current_user_can( 'unfiltered_html' ) );
+	$can_user_edit_global_custom_css = apply_filters( 'enable_global_styles_custom_css', current_user_can( 'edit_css' ) );
-	$can_user_edit_global_custom_css = apply_filters( 'enable_global_styles_custom_css', current_user_can( 'unfiltered_html' ) );
+	$can_user_edit_global_custom_css = apply_filters( 'enable_global_styles_custom_css', current_user_can( 'edit_css' ) );
+
 	if ( wp_theme_has_theme_json() ) {
 		// Add the custom CSS as separate style sheet so any invalid CSS entered by users does not break other global styles.
 		$settings['styles'][] = array(
@@ -21,7 +23,7 @@ function gutenberg_get_block_editor_settings_6_2( $settings ) {
 			'isGlobalStyles' => true,
 		);
 	}
-
+	$settings['__experimentalCanUserEditGlobalCustomCSS'] = ! $can_user_edit_global_custom_css ? false : true;
 	return $settings;
 }
 

@@ -89,9 +89,6 @@ function gutenberg_enable_experiments() {
 	if ( $gutenberg_experiments && array_key_exists( 'gutenberg-block-inspector-tabs', $gutenberg_experiments ) ) {
 		wp_add_inline_script( 'wp-block-editor', 'window.__experimentalEnableBlockInspectorTabs = true', 'before' );
 	}
-	if ( $gutenberg_experiments && array_key_exists( 'gutenberg-global-styles-custom-css', $gutenberg_experiments ) ) {
-		wp_add_inline_script( 'wp-block-editor', 'window.__experimentalEnableGlobalStylesCustomCSS = true', 'before' );
-	}
 }
 
 add_action( 'admin_init', 'gutenberg_enable_experiments' );
@@ -89,22 +89,6 @@ function gutenberg_initialize_experiments_settings() {
 		)
 	);
 
-	add_settings_field(
-		'gutenberg-global-styles-custom-css',
-		__( 'Global styles custom css ', 'gutenberg' ),
-		'gutenberg_display_experiment_field',
-		'gutenberg-experiments',
-		'gutenberg_experiments_section',
-		array(
-			'label' => sprintf(
-				/* translators: %s: WordPress documentation for roles and capabilities. */
-				__( 'Test the Global Styles custom CSS field in the site editor. This requires a user to have <a href="%s">unfiltered html capabilities</a>.', 'gutenberg' ),
-				'https://wordpress.org/support/article/roles-and-capabilities/#unfiltered_html'
-			),
-			'id'    => 'gutenberg-global-styles-custom-css',
-		)
-	);
-
 	register_setting(
 		'gutenberg-experiments',
 		'gutenberg-experiments'

diff --git a/packages/edit-site/src/components/global-styles/screen-root.js b/packages/edit-site/src/components/global-styles/screen-root.js
@@ -16,6 +16,7 @@ import { isRTL, __ } from '@wordpress/i18n';
 import { chevronLeft, chevronRight } from '@wordpress/icons';
 import { useSelect } from '@wordpress/data';
 import { store as coreStore } from '@wordpress/core-data';
+import { store as blockEditorStore } from '@wordpress/block-editor';
 
 /**
  * Internal dependencies
@@ -26,6 +27,11 @@ import ContextMenu from './context-menu';
 import StylesPreview from './preview';
 
 function ScreenRoot() {
+	const canUserEditGlobalCustomCSS = useSelect( ( select ) => {
+		const { getSettings } = select( blockEditorStore );
+		return getSettings().__experimentalCanUserEditGlobalCustomCSS;
+	} );
+
 	const { variations } = useSelect( ( select ) => {
 		return {
 			variations:
@@ -35,8 +41,6 @@ function ScreenRoot() {
 		};
 	}, [] );
 
-	const __experimentalGlobalStylesCustomCSS =
-		window?.__experimentalEnableGlobalStylesCustomCSS;
 	return (
 		<Card size="small">
 			<CardBody>
@@ -102,7 +106,7 @@ function ScreenRoot() {
 				</ItemGroup>
 			</CardBody>
 
-			{ __experimentalGlobalStylesCustomCSS && (
+			{ canUserEditGlobalCustomCSS && (
 				<>
 					<CardDivider />
 					<CardBody>