MediaWiki library which implements a CSS tokenizer, parser and grammar matcher in PHP that mostly follows the CSS Syntax Module Level 3 candidate recommendation dated 20 February 2014, the CSS Values and Units Module Level 3, and the CSS Selectors Level 3 grammar.
It also provides a sanitizer that recognizes various CSS3 modules.
Code repository: rCSSS
@Ioaxxere I can also take over some time later if you like to though I might the same chance as you but I think developing the patch can be a fun by itself also.
@Ioaxxere I'm not maintainer there and my patches struggle to get merged so you can ignore my feedback but I want to say for the ease of finding reviewer on the patch please add Bug: T216897 in the below of your commit message there, add a test and add appropriate links, https://gerrit.wikimedia.org/r/c/css-sanitizer/+/1070601 may help as an example. https://www.w3.org/TR/2021/WD-css-sizing-4-20210520/#sizing-values can be a better link to add to README, inline comment and the changelog and since you are adding fit-content, I think you should also add stretch and contain in addition to fit-content, at least completing one section of a specification if not all of it.
Change #1050724 merged by jenkins-bot:
[css-sanitizer@master] Add CSS Logical 1 Properties support
https://gerrit.wikimedia.org/r/1050724
@Jdlrobson I think you might be testing it incorrectly. Browser support for dark mode can be pretty confusing, there are various settings called dark mode which don't actually set dark mode as defined by the CSS spec. (E.g. on Ubuntu at least, Chrome will always use the OS setting for dark mode, even though it has a "dark mode" flag in the settings menu and another one in the theming sidebar, those change the color scheme of the browser itself but don't actually trigger dark mode in the web content.) I don't think css-sanitizer does anything incorrectly here.
I would guess you have some other override. This works for me in live preview:
Accepting :root as a valid pre-text (like body and html are today) might be a good idea that would possibly correct this? It probably wouldn't take much effort to extend how that's done. I'm not sure if
CSS Tricks blog article indicates that media queries like this work only from the root? But yes, a quick Google indicates that the CSS is valid (and I have wished it worked, so I guess I'm glad I know it does now). As such, I think it would be incorrect to change CSS sanitizer to reject this CSS.
I also noticed it, it's displayed on MDN prominently, though I think it may have showed up on a Discord server I frequent first. From what I can see, the source data is web-platform-dx/web-features/tree/main/features. I don't understand how they get from the YAML files there to the .dist files. For example, <search> is currently "newly available" at MDN, which I suppose matches the search.yml.dist baseline: "low", but search.yml does not have an assertion that I can see indicating its baseline, and search.yml.dist indicates you're supposed to edit the source file, which I can only assume means search.yml. (I feel like the Baseline endeavor is somewhat hacking around the aforementioned failure of W3C to progress their documents on the standards track, but that's just a complaint with things outside this forum's interest.)
There's apparently a newish W3C project called Baseline that intends to define which web features are well-supported by browsers. (They don't really explain how to access the data, but it's displayed very prominently on caniuse.com.)
Change #1050742 merged by jenkins-bot:
[css-sanitizer@master] Add support for :dir() pseudo-class
https://gerrit.wikimedia.org/r/1050742
Change #1050707 merged by jenkins-bot:
[css-sanitizer@master] Add support for logical values in float and clear properties
https://gerrit.wikimedia.org/r/1050707
I don't get why the security issue of variable concatenation made it impossible to also set border-color: var(--border-color-base) without any additional concatenation. This, to me, seems like an easy thing to allow right now without having the perfect to be an enemy of the good.
I think this could resolve this - https://gerrit.wikimedia.org/r/c/css-sanitizer/+/1052146
@Ebrahim Could you look into this?
border: 1px solid var( --border-color-base, #a2a9b1 ); also works as advised in T368637#9942128.
That works also, I didn't know, but border-color: var(--border-subtle-color, #c8ccd1); doesn't.
Only colors are supported right now, so border: solid 2px var(--border-subtle-color, #c8ccd1); should also work!
I think specifying border-top-color, border-right-color, border-bottom-color and border-left-color, while looks ugly, should work.
Change #1050707 had a related patch set uploaded (by Ebrahim; author: Ebrahim):
[css-sanitizer@master] Add support for logical values in float property
https://gerrit.wikimedia.org/r/1050707
Change #1050742 had a related patch set uploaded (by Ebrahim; author: Ebrahim):
[css-sanitizer@master] Add support for :dir() pseudo-class
https://gerrit.wikimedia.org/r/1050742
Change #1050707 had a related patch set uploaded (by Ebrahim; author: Ebrahim):
[css-sanitizer@master] Add support for logical values in float property
https://gerrit.wikimedia.org/r/1050707
Change #1050724 had a related patch set uploaded (by Ebrahim; author: Ebrahim):
[css-sanitizer@master] Add support for sizing properties of CSS Logical
https://gerrit.wikimedia.org/r/1050724