Hi @bryan, in talking through this with @dac.chartrand I think our preference would be to follow the WordPress approach, where in a multisite context only super admins (who have the unfiltered_html() capability) can bypass sanitization routines when creating/saving posts. Would this work for your use case? It would mean that super admins could import from WordPress XML files that contain iframes without issue, but other users would still be subject to the sanitizing that is applied in all other contexts. This would make the behaviour consistent. What are your thoughts?