wp_kses_post escaping doesn't appear to work as described?

https://developer.wordpress.org/plugins/security/securing-output/ describes wp_kses_post as:

Alternative version of wp_kses() that automatically allows all HTML that is permitted in post content.

But, that's not correct. As far as I can tell, absolutely any HTML is accepted into post content, whereas wp_kses_post excludes many tags: script, style, iframe, meta, etc.

So, is this description wrong or is my understanding wrong?

Themes and plugins require escaping, so if you really want to allow all the same HTML that the post editor allows on a custom textarea, what's the true method?

Topic escaping Wordpress

Category Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.