Malformed CSS properties leak AMP validation error past the sanitizer #4113
Description
Bug Description
When a theme or plugin adds CSS like the following:
body {
transition: all .3s ease-in-out;
-webkit-transition: all .3s ease-in-out;
-moz-transition: all .3s ease-in-out;
-0-transition: all .3s ease-in-out;
}Notice the -0-transition. This causes an AMP validation error:
CSS syntax error in tag 'style amp-custom' - invalid declaration.
The same thing happens in a theme like organic-lite (on WordPress.org) which has instances of an invalid property 4z-index:1;.
Expected Behaviour
Such invalid CSS properties should be removed by the style sanitizer.
Steps to reproduce
- Add a Custom HTML block with the above CSS in a
<style>...</style>tag. - Publish the post.
- View the AMP version.
- See an AMP validation error.
Screenshots
Additional context
- WordPress version:
- Plugin version:
- Gutenberg plugin version (if applicable):
- AMP plugin template mode:
- PHP version:
- OS:
- Browser: [e.g. chrome, safari]
- Device: [e.g. iPhone6]
Do not alter or remove anything below. The following sections will be managed by moderators only.
Acceptance criteria
- No AMP validation error should occur on the frontend. The invalid property should either be removed entirely by the PHP-CSS-Parser, or else the invalid property should raise an internal validation error.
Implementation brief
It is not clear to me whether this should be fixed in the AMP plugin or rather in PHP-CSS-Parser. I think it actually should be addressed in the latter because such CSS is actually a syntax error:
So I think the PHP-CSS-Parser should be updated to strip such invalid properties from the parsed rules.
QA testing instructions
- Add a Custom HTML block with the following CSS:
body {
transition: all .3s ease-in-out;
-webkit-transition: all .3s ease-in-out;
-moz-transition: all .3s ease-in-out;
-0-transition: all .3s ease-in-out;
}- Publish the post.
- View the AMP version.
- Verify: The CSS does not generate a validation error.