<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    Here's you a quick way to sanitize and validate colors (with hash)

    that I pulled from core:<br>

    <br>

    $color = preg_replace( '|^#([A-Fa-f0-9]{3}){1,2}$|', '', $color );<br>

    <br>

    You should also make sure your input elements only allow 6 or 7 (if

    you're expecting a hash mark) characters with the "maxlength"

    attribute.<br>

    <br>

    <div class="moz-cite-prefix">On 2/4/2013 8:03 AM, Chip Bennett

      wrote:<br>

    </div>

    <blockquote

cite="mid:CAPdLKqeyVKuv4a8vy8fwuUFKZ3kJ5EVYmd8XLuvTxkHBJG+SDQ@mail.gmail.com"

      type="cite">

      <div dir="ltr">The rules regarding allowable functions are

        different for Themes and Plugins. Plugins can use read/write

        functions such as file_get_contents(), etc.; Themes cannot. So,

        csstidy() may be appropriate for the JetPack Plugin, but it

        won't be for Themes.

        <div>

          <br>

        </div>

        <div style="">That said, you don't need anything that bulky

          anyway. All you *have* to do is to ensure that it's not

          unsafe. For that, you could probably use <a

            moz-do-not-send="true"

href="http://core.trac.wordpress.org/browser/tags/3.5.1/wp-includes/kses.php#L0">one

            of the WordPress KSES functions</a>, such as <a

            moz-do-not-send="true"

            href="http://codex.wordpress.org/Function_Reference/wp_filter_kses">wp_filter_kses()</a>,

          inside your register_setting() validation callback.</div>

        <div style=""><br>

        </div>

        <div style="">Also, be sure your stand-alone Theme is approved

          prior to submitting any Child Themes for it. One of the

          guidelines for Child Themes is that its parent Theme must

          already be approved in the repository.</div>

        <div style=""><br>

        </div>

        <div style="">Regards,</div>

        <div style="">Chip</div>

      </div>

      <div class="gmail_extra"><br>

        <br>

        <div class="gmail_quote">On Mon, Feb 4, 2013 at 8:04 AM, &Uuml;nsal

          Korkmaz <span dir="ltr">&lt;<a moz-do-not-send="true"

              href="mailto:unsalkorkmaz@gmail.com" target="_blank">unsalkorkmaz@gmail.com</a>&gt;</span>

          wrote:<br>

          <blockquote class="gmail_quote" style="margin:0 0 0

            .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>

            <div class="gmail_quote">I released <a

                moz-do-not-send="true"

                href="http://themes.trac.wordpress.org/ticket/10967"

                target="_blank">1 parent</a>, <a moz-do-not-send="true"

                href="http://themes.trac.wordpress.org/ticket/11003"

                target="_blank">1 child theme</a> this week. These are

              my first theme contribution to WordPress community so its

              my first time i am submitting themes to directory. When i

              upload parent theme from <a moz-do-not-send="true"

                href="http://wordpress.org/extend/themes/upload/"

                target="_blank">http://wordpress.org/extend/themes/upload/</a>

              &nbsp; i got <br>

              <b>WARNING: file_get_contents in class.csstidy_print.php</b>

              error and system denied my theme automatically. I got

              csstidy codes from <a moz-do-not-send="true"

                href="http://jetpack.me/support/custom-css/"

                target="_blank">Jetpack plugin's Custom Css</a> module

              but still system didnt accept it. Basically custom css

              sanitizing is an important subject in my opinion and there

              is no default wordpress function like&nbsp;<a

                moz-do-not-send="true"

                href="http://codex.wordpress.org/Function_Reference/esc_attr"

                target="_blank">esc_attr()</a>.<br>

              Probably csstidy class is not best solution but it was

              best option i had and it seems its not accepting in theme

              directory. So what is best sanitizing custom css way for

              themes?

            </div>

            <br>

            <br>

            _______________________________________________<br>

            theme-reviewers mailing list<br>

            <a moz-do-not-send="true"

              href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a><br>

            <a moz-do-not-send="true"

              href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers"

              target="_blank">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a><br>

            <br>

          </blockquote>

        </div>

        <br>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

theme-reviewers mailing list

<a class="moz-txt-link-abbreviated" href="mailto:theme-reviewers@lists.wordpress.org">theme-reviewers@lists.wordpress.org</a>

<a class="moz-txt-link-freetext" href="http://lists.wordpress.org/mailman/listinfo/theme-reviewers">http://lists.wordpress.org/mailman/listinfo/theme-reviewers</a>

</pre>

    </blockquote>

    <br>

  </body>

</html>