[wp-trac] [WordPress Trac] #36391: Create a hook to handle dynamic CSS?
WordPress Trac
noreply at wordpress.org
Fri Sep 11 03:36:33 UTC 2020
#36391: Create a hook to handle dynamic CSS?
-----------------------------+--------------------------
Reporter: CarlosRios | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone:
Component: Script Loader | Version:
Severity: normal | Resolution:
Keywords: | Focuses: performance
-----------------------------+--------------------------
Comment (by lgedeon):
@CarlosRios Please see the concerns mentioned in
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html#rule-4
-css-encode-and-strictly-validate-before-inserting-untrusted-data-into-
html-style-property-values
We would need to develop a good way to sanitize dynamic css before
attempting something like this. I ran into this ticket while looking to
see if a ticket on css sanitization exists. Haven't found it yet.
Anyway, I know this looks simple and I really like the idea, but the
sanitization side is a really tough issue we will have to solve first.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36391#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list