Support » Plugin: Legacy Jetpack Custom CSS Editor » Single quotes and greater than > escaping issues

  • Hi,
    Whenever I try updating the CSS on a multisite setup, it escapes single quotes for my CSS.
    For eg.
    Following CSS:
    .page-title {
    background: url(‘/wp-content/uploads/sites/2/2017/03/color-star-3-114-217610.png’;
    }`

    Changes back to
    .page-title {
    background: url(\’/wp-content/uploads/sites/2/2017/03/color-star-3-114-217610.png\’);
    }

    Which breaks the CSS. It seems to be a security issue and hence why it escapes. Also, greater than sign > is converted back to > . Please let me know what could possible workaround or is it a permanent solution and cannot be reverted back.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Jeremy Herve

    (@jeherve)

    Jetpack Mechanic 🚀

    Could you let me know if you experience similar issues when deactivating the Legacy Jetpack Custom CSS editor, and adding your CSS under Appearance > Customize > Additional CSS?

    Thanks!

    Hi Jeremy,

    It doesn’t happen when the same CSS is saved from the Appearance > Customize > Additional CSS section. I tried with both having Legacy Jetpack Custom CSS Editor plugin activated and deactivated. Single/Double quotes get escaped and greater than symbol gets converted to & gt;. I verified this behavior in a fresh wordpress multisite install with only Jetpack and Legacy Jetpack Custom CSS Editor plugin installed. This behavior is observed for non superadmin users, which might be related to the sanitization of user post data for making it sql safe.

    Best,
    Neel

    • This reply was modified 2 years, 6 months ago by  shah.neel.
    • This reply was modified 2 years, 6 months ago by  shah.neel.
    Jeremy Herve

    (@jeherve)

    Jetpack Mechanic 🚀

    Thanks for the extra details.

    Could you try to give full unfiltered_html access to your network’s admins for a few minutes thanks to a plugin like this one, and let me know if the problem remains?

    If it disappears, we’ll know for sure that the problem is linked to additional sanitization happening for multisite admins.

    Let me know how it goes.

    I’m also experiencing this issue, with a non-multisite site.

    Jeremy Herve

    (@jeherve)

    Jetpack Mechanic 🚀

    @sarahmia Can you confirm that it’s happening when using the Legacy CSS editor, and not Core’s CSS editor?

    Hi Jeremy,

    Just verified that using Unfiltered MU plugin it leaves angle brackets (<>) unchanged, however it still escapes single/double quotes for non super admin users. The CSS editor in Appearance > Customize > Additional CSS continues to behave the same way as without Unfiltered MU plugin.

    Jeremy Herve

    (@jeherve)

    Jetpack Mechanic 🚀

    Thanks for giving it a try. Could you give me an example of a code snippet I could use to reproduce the problem?

    Hi Jeremy,

    You can refer to below example:

    #site-content > .container {
    	background: url('/test1/wp-content/uploads/sites/1/2017/3/header-band.jpg') no-repeat transparent center top;
    }
    • This reply was modified 2 years, 6 months ago by  shah.neel.
    Jeremy Herve

    (@jeherve)

    Jetpack Mechanic 🚀

    Thanks! I created an issue to track this problem here:
    https://github.com/georgestephanis/legacy-jetpack-custom-css-editor/issues/4

    We’ll see if we can get this fixed. In the meantime, I’m afraid I can only recommend that you use the core CSS editor for those changes.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Single quotes and greater than > escaping issues’ is closed to new replies.