-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Style engine: permit wp custom CSS properties #43071
Style engine: permit wp custom CSS properties #43071
Conversation
This approach might be completely bonkers. Hoping that someone will tell me 😄 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for exploring this @ramonjd! Are you imagining this as a replacement / alternative to #43004, or a follow-up?
The style engine code can eventually be deleted when core supports CSS custom properties.
Is there a trac ticket currently proposing adding being able to set CSS custom properties from safecss_filter_attr
? My understanding was that it was intentionally not allowed, but referencing an existing variable via var()
was allowed.
For cases like the Gallery block, and the custom properties in global styles, I wonder if we should include a style-engine specific allow list and/or use a "already validated" flag of some kind when we generate declarations. The idea being that if we're allowing things that safecss_filter_attr
doesn't allow, then we might want to be quite specific about it for the intended use cases, rather than trying to come up with something that exposes the behaviour outside of how we're generating styles for Gutenberg?
packages/style-engine/class-wp-style-engine-css-declarations.php
Outdated
Show resolved
Hide resolved
Thanks for thinking about this @andrewserong
It was supposed to be a follow up/enhancement. The quest here is to permit
All I could find was https://core.trac.wordpress.org/ticket/46498, but there's no patch attached. I couldn't find anything to support the argument against or for allowing CSS custom properties. I guess that's why the
This is the lo-fi version, and personally I think it'd be 100% fine. And to be honest, starting off more simply is probably better. A couple of related points come to mind:
The primary intention of this PR, regardless of whether |
It's an interesting one. From that discussion it looks like only I wasn't able to find any other discussion either, I'm sorry — I might've been thinking about previously Github PR discussions when folks have previously tried to add declaring CSS variables, but my memory on where or when is foggy! 😅
Good points. I think the theme author case is one of the reasons that I'm wondering if defining at call time rather than by a filter might make sense (e.g. kind of an equivalent to React's
For our current purposes, that sounds like a good idea to me — for block supports and global styles where there are user entered values, we do want those to be parsed at some point whether just prior to calling the style engine, or as part of the style engine itself. I'm not quite sure how we'd do this, but I wonder if there's some way for us to treat the desired CSS variable as the desired real CSS property... unfortunately given that declarations are currently For the global styles case, I suppose one of the other things to consider is that the settings and styles should already be sanitized before the style engine is called (e.g. in remove_insecure_settings and remove_secure_styles) so we might arguably have another case there where we want the style engine to pass through values rather than attempt to filter / sanitize them a second time? There's a neat bit of logic on this line where the "real" property associated with the CSS variable is used for the safe CSS declaration check: https://github.com/WordPress/wordpress-develop/blob/1cffa3f82b2de2df13e89767a4714de6fbe3de78/src/wp-includes/class-wp-theme-json.php#L1911 |
Thanks a lot for doing the heavy thinking on this @andrewserong ! I think you've convinced me to go the hard-coded route for now. We can always make it clever later. I guess with validation I was really thinking of 3rd party usage. Maybe later, as you say, we can work on a better validation method for the style engine as a separate task. 🙇 🙇 🙇 🙇 🙇 🙇 🙇 |
packages/style-engine/class-wp-style-engine-css-declarations.php
Outdated
Show resolved
Hide resolved
a15fcb3
to
959939e
Compare
Related trac ticket https://core.trac.wordpress.org/ticket/56353 Props to @aristath |
9245d83
to
0de7ef6
Compare
Looks like CSS custom properties will be supported in 6.1 https://core.trac.wordpress.org/ticket/56353 has been committed to WordPress trunk 🎉 |
0de7ef6
to
bdcf5ff
Compare
I've updated this PR with backward compatibility comments. I'm guessing Gutenberg will still need to support WordPress < 6.1 so, to continue development using CSS custom props, this PR is still valid. |
bdcf5ff
to
5d42cc4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just took this for another spin and quick smoke test, all looking good to me!
✅ Logic reads well, nice choice to just go with an allow list for the properties we want to deal with for the moment
✅ Tests are passing, and confirmed that https://core.trac.wordpress.org/ticket/56353 links to the correct fix in core for 6.1
LGTM! ✨
…p--*` custom properties
… custom properties.
…h safecss_filter_attr
5d42cc4
to
4bfdd3c
Compare
What?
A slight variation on @aristath's idea to add a custom CSS property check in the style engine.
How
Adds an array
VALID_CUSTOM_PROPERTIES
of valid CSS custom properties to check against.Why?
CSS custom properties don't pass the tests in
safecss_filter_attr()
at if ( in_array( $css_selector, $allowed_attr, true ) ) {.Testing Instructions
Run