[wp-trac] [WordPress Trac] #39198: Harden validation of CSS syntax validity by utilizing tokenizer (was: Additional CSS (With Italian Localization) Bug)
WordPress Trac
noreply at wordpress.org
Fri Dec 9 17:14:45 UTC 2016
#39198: Harden validation of CSS syntax validity by utilizing tokenizer
--------------------------+--------------------
Reporter: dan.sed | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7.1
Component: Customize | Version: 4.7
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+--------------------
Comment (by westonruter):
Yes, I agree. In fact, there is a
[https://core.trac.wordpress.org/browser/tags/4.7/src/wp-
includes/customize/class-wp-customize-custom-css-setting.php#L159 todo
comment] in `WP_Customize_Custom_CSS::validate()` setting to implement
this:
> There are cases where valid CSS can be incorrectly marked as invalid
when strings or comments include balancing characters. To fix, CSS
tokenization needs to be used.
The current approach to validating syntax via regular expressions is too
naïve.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39198#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list