Opened 6 years ago
Closed 4 years ago
#4108 closed enhancement (reported-upstream)
Update CSS sanitization safelist to support variables
Reported by: | iandunn | Owned by: | |
---|---|---|---|
Milestone: | Priority: | high | |
Component: | WordCamp Site & Plugins | Keywords: | needs-patch good-first-bug |
Cc: |
Description
Most browsers support CSS variables now, but they're stripped out by the Jetpack validation process, or the Remote CSS sanitization process.
https://wordpress.slack.com/archives/C08M59V3P/p1548543160179600
Either way, it's probably just because the syntax is new, and the safelist needs to be updated to support it.
- Determine which code needs to be updated (Jetpack's Custom CSS module, WordCamp.org's
mu-plugins/jetpack-tweaks/css-sanitization.php
, or both) - If Jetpack, open an issue on their GitHub and add a link to this report
- If Remote CSS, add unit tests, and create patch to make them pass. If there are any ways to inject JavaScript, expressions, etc through the new syntax, then tests should be written for that as well. If the problem turns out to be in
sanitize_urls_in_css_properties()
, let me know before writing a patch since I have some notes about a potential bug there.
Change History (4)
This ticket was mentioned in Slack in #meta-wordcamp by coreymckrill. View the logs.
6 years ago
This ticket was mentioned in Slack in #meta-wordcamp by ryelle. View the logs.
4 years ago
Note: See
TracTickets for help on using
tickets.
This ticket has been moved to GitHub https://github.com/WordPress/wordcamp.org/issues/574