Make WordPress Core

Opened 3 years ago

Last modified 4 months ago

#45168 new defect (bug)

Additional CSS complains of markup inside CSS comments

Reported by: useStrict Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.7
Component: Customize Keywords: needs-patch
Focuses: Cc:


When adding CSS to a site via Appearance > Customize > Additional CSS, the syntax validator will complain if it finds markup regardless of it being inside a /* */ comment.

Steps to replicate:

  1. Go to Admin > Appearance > Customize > Additional CSS
  2. Add a comment with some markup in it

/* this is <a> markup test */

  1. Hit Publish
  2. See attached error message - but note that no indicator as to what line contains the markup appears.

The only workaround is to remove the markup from the comment.

Ideally the syntax validator should not care about anything in CSS comment blocks.

Attachments (1)

Screenshot 2018-10-24 16.16.17.png (24.3 KB) - added by useStrict 3 years ago.
Error message regarding markup inside CSS comment

Download all attachments as: .zip

Change History (5)

3 years ago

Error message regarding markup inside CSS comment

#1 @SergeyBiryukov
3 years ago

  • Component changed from General to Customize

#2 @dlh
22 months ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from 4.9.8 to 4.7

#3 @sabernhardt
10 months ago

Most of the PHP validation for Additional CSS was replaced in [41376], but the check for the existence of an HTML tag (pattern) is still there.

If keeping the tag check in PHP, it would need to make sure all matches to that pattern are not inside comments to pass the validation.

Technically, though, there are workarounds. Currently acceptable methods include adding a space after the first angle bracket or replacing the angle brackets with Markdown-style inline code syntax.

/* comment with < a > tag */
/* comment with `a` tag */
Last edited 10 months ago by sabernhardt (previous) (diff)

#4 @celloexpressions
4 months ago

The HTML validation is in place for security reasons (at least originally). I believe the primary It might be possible to allow it when specifically scoped within comments, as long as there's a secure way to enforce that check.

Note: See TracTickets for help on using tickets.