Additional CSS complains of markup inside CSS comments

[useStrict]

When adding CSS to a site via Appearance > Customize > Additional CSS, the syntax validator will complain if it finds markup regardless of it being inside a /* */ comment.

Steps to replicate:

1. Go to Admin > Appearance > Customize > Additional CSS
2. Add a comment with some markup in it

/* this is <a> markup test */

3. Hit Publish
4. See attached error message - but note that no indicator as to what line contains the markup appears.

The only workaround is to remove the markup from the comment.

Ideally the syntax validator should not care about anything in CSS comment blocks.

[useStrict]

Error message regarding markup inside CSS comment

[sabernhardt]

Most of the PHP validation for Additional CSS was replaced in [41376], but the check for the existence of an HTML tag (pattern) is still there.
https://core.trac.wordpress.org/browser/tags/5.5/src/wp-includes/customize/class-wp-customize-custom-css-setting.php#L162

If keeping the tag check in PHP, it would need to make sure all matches to that pattern are not inside comments to pass the validation.

Technically, though, there are workarounds. Currently acceptable methods include adding a space after the first angle bracket or replacing the angle brackets with Markdown-style inline code syntax.

/* comment with < a > tag */
/* comment with `a` tag */

[celloexpressions]

The HTML validation is in place for security reasons (at least originally). I believe the primary It might be possible to allow it when specifically scoped within comments, as long as there's a secure way to enforce that check.

[sabernhardt]

This does not have a patch yet, and it involves a regular expression. I recommend closing the ticket.

[sabernhardt]

In comment:3:ticket:64418, @westonruter suggested editing how the CSS is validated.

[westonruter]

Let's close this as a duplicate of #64418 and address the fix in that fresh ticket.