[wp-trac] [WordPress Trac] #35395: Provide a better gateway for code-based theme customizations with the Customizer
WordPress Trac
noreply at wordpress.org
Fri Sep 2 16:54:51 UTC 2016
#35395: Provide a better gateway for code-based theme customizations with the
Customizer
-----------------------------------------+-------------------------
Reporter: celloexpressions | Owner: johnregan3
Type: feature request | Status: assigned
Priority: normal | Milestone: 4.7
Component: Customize | Version:
Severity: normal | Resolution:
Keywords: has-screenshots needs-patch | Focuses:
-----------------------------------------+-------------------------
Changes (by westonruter):
* keywords: dev-feedback has-screenshots needs-patch => has-screenshots
needs-patch
Comment:
@joyously the customizer-supplied CSS should be printed _after_ any
enqueued stylesheets are printed. So it would come last in the cascade. I
don't think there should be an option to come first, but rather to decide
it comes last.
And yes, we talked about using a new custom post type for storing the
theme CSS. The CSS would be stored in `post_content` and each theme would
have their own instance of this post type to store the CSS for that theme
(like a theme mod is tied to the theme). The `post_content` would not
include the `<style>` tag. I would think the CSS would be printed into the
document as a `<style>` element as opposed to `link` an external
stylesheet, but maybe not. The CSSTidy library would ensure that only
valid CSS is saved to avoid an XSS vulnerability as you've described.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35395#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list