#39218 closed defect (bug) (fixed)
Customize: Harden validation of CSS syntax validity by utilizing tokenizer
Reported by: | westonruter | Owned by: | |
---|---|---|---|
Milestone: | 4.9 | Priority: | normal |
Severity: | normal | Version: | 4.7 |
Component: | Customize | Keywords: | |
Focuses: | Cc: |
Description
There is a todo comment in WP_Customize_Custom_CSS::validate()
setting to implement this:
There are cases where valid CSS can be incorrectly marked as invalid when strings or comments include balancing characters. To fix, CSS tokenization needs to be used.
The current approach to validating syntax via regular expressions is too naïve.
See #39198.
Change History (10)
#4
@
8 years ago
I think that once a proper syntax-highlighting code editor is added for custom CSS (in #38707) this will eliminate the need for having server-side validation and we can eliminate it entirely. This once #38707 is closed this ticket should be resolved as wontfix, or it should be changed to remove the current validation logic.
#6
@
8 years ago
I just noticed that this will be parsed ok:
[all}is)fine]here{or(not?
We could check if latest parenthesis of a kind is an opening one (or first one is a closing one)
#7
@
8 years ago
@Presskopp yes, hence the need for a tokenizer that then feeds into a parser which can then count the number of such braces and ensure they are coming in the expected order.
In 39559: