[wp-trac] [WordPress Trac] #39218: Customize: Harden validation of CSS syntax validity by utilizing tokenizer
WordPress Trac
noreply at wordpress.org
Sat Dec 10 00:52:02 UTC 2016
#39218: Customize: Harden validation of CSS syntax validity by utilizing tokenizer
--------------------------+-------------------------
Reporter: westonruter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.8
Component: Customize | Version: 4.7
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------+-------------------------
There is a [https://core.trac.wordpress.org/browser/tags/4.7/src/wp-
includes/customize/class-wp-customize-custom-css-setting.php#L159 todo
comment] in `WP_Customize_Custom_CSS::validate()` setting to implement
this:
> There are cases where valid CSS can be incorrectly marked as invalid
when strings or comments include balancing characters. To fix, CSS
tokenization needs to be used.
The current approach to validating syntax via regular expressions is too
naïve.
See #39198.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39218>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list