[wp-trac] [WordPress Trac] #64418: Valid CSS is causing failure in the Additional CSS panel
WordPress Trac
noreply at wordpress.org
Mon Dec 15 17:55:36 UTC 2025
#64418: Valid CSS is causing failure in the Additional CSS panel
--------------------------+---------------------
Reporter: drw158 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 7.0
Component: Customize | Version: 4.7
Severity: normal | Resolution:
Keywords: needs-patch | Focuses: css
--------------------------+---------------------
Comment (by westonruter):
The problematic code is [https://github.com/WordPress/wordpress-
develop/blob/eda8d9d27b129ac48143af7d9c2df595dc172e44/src/wp-
includes/customize/class-wp-customize-custom-css-setting.php#L166-L168
located] in `WP_Customize_Custom_CSS_Setting::validate()`:
{{{#!php
<?php
if ( preg_match( '#</?\w+#', $css ) ) {
$validity->add( 'illegal_markup', __( 'Markup is not allowed in
CSS.' ) );
}
}}}
Clearly this is very naïve and it should be removed.
Commenting out that logic allows the setting to save, but then the angle
brackets get stripped out:
{{{#!css
@property --animate {
syntax: "";
inherits: true;
initial-value: false;
}
}}}
The problem then is inside `wp_custom_css_cb()`
([https://github.com/WordPress/wordpress-
develop/blob/eda8d9d27b129ac48143af7d9c2df595dc172e44/src/wp-
includes/theme.php#L1968-L1981 source]) because it runs the CSS through
`strip_tags()`.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64418#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list