Title: Bug in Custom CSS Option
Last modified: August 30, 2016

---

# Bug in Custom CSS Option

 *  [CrouchingBruin](https://wordpress.org/support/users/crouchingbruin/)
 * (@crouchingbruin)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/bug-in-custom-css-option-1/)
 * There is a serious bug in the Custom CSS editor (**Appearance → Customize → Layout
   Options → Additional Style**) that is being used by this theme. Any CSS property
   which uses a single quote (') or double quote (") in the property value will 
   have that character changed into an escape character, making the property invalid.
   For example:
 *     ```
       a {
          font-family: 'Times Roman';
       }
       ```
   
 * becomes:
 *     ```
       a {
          font-family: &#039;Times Roman&#039;;
       }
       ```
   
 * Of course, a workaround would be to install a custom CSS plugin, but this is
   pretty bad; a CSS editor shouldn’t be making any character substitutions like
   that.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Theme Author [marsian](https://wordpress.org/support/users/marsian/)
 * (@marsian)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/bug-in-custom-css-option-1/#post-6412524)
 * For security reasons, every input field is escaped in WordPress themes.
 *  Thread Starter [CrouchingBruin](https://wordpress.org/support/users/crouchingbruin/)
 * (@crouchingbruin)
 * [10 years, 9 months ago](https://wordpress.org/support/topic/bug-in-custom-css-option-1/#post-6412525)
 * There are plenty of themes which have a custom CSS option which do not escape
   special characters. And most custom CSS plugins, like Jetpack, also do not escape
   special characters. Also, if you use the text editor to edit a page or post, 
   you can enter apostrophes or quotes and they don’t get escaped.
 * Is it possible to inject scripting code into a custom CSS field? Yes, but it’s
   just as possible, and even easier, to inject code into page or post content. 
   The escaping of the apostrophe and quote mark is definitely a bug with this theme.
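
The disagreement in this thread comes down to output context. The following is an added example, not part of the original thread and not code from the theme: it contrasts HTML-entity escaping of CSS with a check suited to text printed inside a `<style>` element. The function names and sample inputs are hypothetical, and `htmlspecialchars()` stands in for whatever escaping call the theme uses.

```php
<?php
// Added example: hypothetical helper names, constructed sample input.

// The behaviour reported in the thread: HTML-entity escaping applied to CSS.
// htmlspecialchars() with ENT_QUOTES stands in for the theme's escaping step.
function escape_css_as_html(string $css): string
{
    return htmlspecialchars($css, ENT_QUOTES, 'UTF-8');
}

// Alternative for CSS that will be printed inside <style>...</style>.
// Browsers treat <style> content as raw text, so entities such as &#039;
// are never decoded there; the real risk is markup that ends the element.
// Returns the CSS unchanged, or null when it contains anything tag-like.
function validate_css_for_style_block(string $css): ?string
{
    if (preg_match('#</?\w+#', $css)) {
        return null; // reject instead of trying to repair the input
    }
    return $css;
}

// Constructed samples: the rule from the thread, a child selector that must
// survive, and a value that tries to close the <style> element.
$samples = [
    'quoted font'    => "a {\n   font-family: 'Times Roman';\n}",
    'child selector' => 'ul > li::before { content: "\201C"; }',
    'closes style'   => 'a { color: red; }</style><script>/* ... */</script>',
];

foreach ($samples as $label => $css) {
    $escaped   = escape_css_as_html($css);
    $validated = validate_css_for_style_block($css);

    printf("[%s]\n", $label);
    printf("  entity escaping changed the CSS: %s\n", $escaped !== $css ? 'yes' : 'no');
    printf("  validator result: %s\n", $validated === null ? 'rejected' : 'accepted unchanged');
}
```

Entity escaping alters all three samples, including the two harmless ones, while the tag check leaves valid CSS byte-for-byte intact and refuses only the input that contains markup.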


The topic ‘Bug in Custom CSS Option’ is closed to new replies.

 * i-excel

 * 2 replies
 * 2 participants
 * Last reply from: [CrouchingBruin](https://wordpress.org/support/users/crouchingbruin/)
 * Last activity: [10 years, 9 months ago](https://wordpress.org/support/topic/bug-in-custom-css-option-1/#post-6412525)
 * Status: not resolved