Many tags allow users to directly specify CSS properties - [size], [color], [align], [list] among others.

While Twig escapes these to ensure they can't break out of the style="" attribute, it doesn't do anything about a semicolon. It's a bit silly if [size=1em;color:red] works, since a big point of having these tags at all is to give fine control over what CSS properties can be set.

It might be enough to wrap it in apostrophes.

CommentFileSizeAuthor
#5 2629256-regression-Can-t-quote-CSS-values.patch3.29 KBcburschka

Comments

cburschka created an issue. See original summary.

  • cburschka committed 32845f4 on 8.x-3.x 
    Issue #2629256: Quote CSS values

The tag options may contain semicolons...
cburschka’s picture

cburschka
they
commented
Status: Active » Fixed
cburschka’s picture

cburschka
they
commented
Status: Fixed » Needs work

That was kind of dumb. CSS doesn't recognize it.

Guess |replace(';','') is the way to go here.

cburschka’s picture

cburschka
they
commented
Status: Needs work » Needs review
StatusFileSize
new 2629256-regression-Can-t-quote-CSS-values.patch3.29 KB

  • cburschka committed f9406bc on 8.x-3.x 
    Issue #2629256 regression: Can't quote CSS values.

Instead of quoting...
cburschka’s picture

cburschka
they
commented
Status: Needs review » Fixed

  • cburschka committed 32845f4 on 9.x-1.x 
    Issue #2629256: Quote CSS values

The tag options may contain semicolons...
  • cburschka committed f9406bc on 9.x-1.x
    Issue #2629256 regression: Can't quote CSS values.

Instead of quoting...

  • cburschka committed 32845f4 on 9.x-2.x 
    Issue #2629256: Quote CSS values

The tag options may contain semicolons...
  • cburschka committed f9406bc on 9.x-2.x
    Issue #2629256 regression: Can't quote CSS values.

Instead of quoting...

  • cburschka committed 0629ce1 on 8.x-3.x 
    Issue #2629256: Remove quotes from [font] CSS.

This slipped through the...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.