[wp-trac] [WordPress Trac] #35395: Provide a better gateway for code-based theme customizations with the Customizer
WordPress Trac
noreply at wordpress.org
Sat Jul 30 17:41:40 UTC 2016
#35395: Provide a better gateway for code-based theme customizations with the
Customizer
-------------------------------------------------+-------------------------
Reporter:    celloexpressions
Owner:
Type:        feature request
Status:      new
Priority:    normal
Milestone:   Future Release
Component:   Customize
Version:
Severity:    normal
Resolution:
Keywords:    dev-feedback has-patch has-screenshots
Focuses:
-------------------------------------------------+-------------------------
Changes (by celloexpressions):

 * keywords:  needs-patch dev-feedback => dev-feedback has-patch has-screenshots
Comment:

 [attachment:35395.diff] adds basic validation for balanced braces and
 unclosed code comments, providing user feedback when either of those
 common mistakes occurs. It also adds an outline for `sanitize_css`.

 CSSTidy checks ''everything'' against a whitelist of allowed properties
 and values. That seems wildly inappropriate for core, as we'd need to
 maintain the whitelist as CSS evolves. It also optimizes the CSS, which
 probably isn't necessary given the purpose of this feature.

 What exactly is required for sanitizing CSS? @ocean90 @rabmalin do you
 have any additional information here? Let's put together an approach that
 is secure but doesn't go overboard and beyond the scope of security to
 unnecessarily modify the user's input.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/35395#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
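
The two checks named in the comment above (balanced braces and unclosed code comments), as an added example: this is not the code in 35395.diff or in WordPress core, and the function name `example_check_css_structure` is hypothetical. It reports problems without modifying the user's input, and it assumes an unterminated quoted string simply runs to the end of the input.

```php
<?php
/**
 * Hypothetical helper, not WordPress core code: report structural mistakes
 * in user-supplied CSS. Returns error messages; an empty array means it passed.
 */
function example_check_css_structure( string $css ): array {
    $errors = array();
    $depth  = 0;
    $len    = strlen( $css );

    for ( $i = 0; $i < $len; $i++ ) {
        $ch = $css[ $i ];
        if ( '/' === $ch && '*' === ( $css[ $i + 1 ] ?? '' ) ) {
            // Comment: jump to its closing marker, or report that none exists.
            $end = strpos( $css, '*/', $i + 2 );
            if ( false === $end ) {
                $errors[] = "Unclosed comment starting at offset $i.";
                break;
            }
            $i = $end + 1;
        } elseif ( '"' === $ch || "'" === $ch ) {
            // Quoted string: braces inside it are data, not block delimiters.
            for ( $i++; $i < $len && $css[ $i ] !== $ch; $i++ ) {
                if ( '\\' === $css[ $i ] ) {
                    $i++; // Skip the escaped character.
                }
            }
        } elseif ( '{' === $ch ) {
            $depth++;
        } elseif ( '}' === $ch ) {
            if ( 0 === $depth ) {
                $errors[] = "Closing brace at offset $i has no matching opening brace.";
            } else {
                $depth--;
            }
        }
    }
    if ( $depth > 0 ) {
        $errors[] = "$depth opening brace(s) never closed.";
    }
    return $errors;
}

// Constructed sample inputs: one well-formed rule, one with an unclosed comment.
print_r( example_check_css_structure( 'a::after { content: "}"; } /* ok */' ) );
print_r( example_check_css_structure( "body { color: red; /* oops\n.x { }" ) );
```

Tracking strings and comments keeps a brace inside `content: "}"` or inside a comment from being miscounted, which a plain character count of `{` and `}` would get wrong.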