Relax style tag contents validation

sirreal · sirreal · commit 7c0102082ccb · 2025-12-17T11:54:26.000+01:00
STYLE tags may contain any raw text up to a closing STYLE tag https://html.spec.whatwg.org/multipage/parsing.html#generic-raw-text-element-parsing-algorithm
diff --git a/src/wp-includes/customize/class-wp-customize-custom-css-setting.php b/src/wp-includes/customize/class-wp-customize-custom-css-setting.php
@@ -163,7 +163,15 @@ public function validate( $value ) {
 
 		$validity = new WP_Error();
 
-		if ( preg_match( '#</?\w+#', $css ) ) {
+		/**
+		 * Check for a closing STYLE tag inside the CSS.
+		 *
+		 * STYLE tags are processed using the "generic raw text parsing algorithm." They contain
+		 * raw text up until a matching closing tag.
+		 *
+		 * @see https://html.spec.whatwg.org/multipage/parsing.html#generic-raw-text-element-parsing-algorithm
+		 */
+		if ( preg_match( '#</style[ \\t\\f\\n\\r/>]#', $css ) ) {
 			$validity->add( 'illegal_markup', __( 'Markup is not allowed in CSS.' ) );
 		}
 
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-global-styles-controller.php
@@ -668,7 +668,15 @@ public function get_theme_items( $request ) {
 	 * @return true|WP_Error True if the input was validated, otherwise WP_Error.
 	 */
 	protected function validate_custom_css( $css ) {
-		if ( preg_match( '#</?\w+#', $css ) ) {
+		/**
+		 * Check for a closing STYLE tag inside the CSS.
+		 *
+		 * STYLE tags are processed using the "generic raw text parsing algorithm." They contain
+		 * raw text up until a matching closing tag.
+		 *
+		 * @see https://html.spec.whatwg.org/multipage/parsing.html#generic-raw-text-element-parsing-algorithm
+		 */
+		if ( preg_match( '#</style[ \\t\\f\\n\\r/>]#', $css ) ) {
 			return new WP_Error(
 				'rest_custom_css_illegal_markup',
 				__( 'Markup is not allowed in CSS.' ),
