fix(css): preserve CSS unicode escapes in noUselessEscapeInString

[xvchris]

Summary

Fixes #9385

The noUselessEscapeInString rule incorrectly identified CSS unicode escape sequences (e.g. \e7bb, \e644, \a) as useless escapes and stripped the backslash during auto-fix, breaking iconfont and other unicode content.

What changed

In CSS, \ followed by 1–6 hex digits is a valid unicode escape sequence (e.g. \e7bb → U+E7BB). The next_useless_escape function only recognized hex digits 0–7 as meaningful after a backslash, missing 8, 9, and a–f / A–F.

Before: content: "\e7bb" → auto-fixed to content: "e7bb" (broken)
After: content: "\e7bb" → no diagnostic (correct)

Changes

• Extended the meaningful escape match in next_useless_escape to cover all hex digits (0–9, a–f, A–F)
• Updated doc example to use \g (a genuinely useless escape) instead of \a (valid hex escape)
• Added test cases for CSS unicode escapes: \e7bb, \e644, \a, \0a, \AB12CD
• Updated invalid test to use \g instead of \a

Test plan

All 109 CSS analyzer spec tests pass.

AI Disclosure

This PR was authored with AI assistance (Claude). The bug was identified and fix was implemented with AI help.

[changeset-bot]

🦋 Changeset detected

Latest commit: 1b6eaad

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 13 packages

Name	Type
@biomejs/biome	Patch
@biomejs/cli-win32-x64	Patch
@biomejs/cli-win32-arm64	Patch
@biomejs/cli-darwin-x64	Patch
@biomejs/cli-darwin-arm64	Patch
@biomejs/cli-linux-x64	Patch
@biomejs/cli-linux-arm64	Patch
@biomejs/cli-linux-x64-musl	Patch
@biomejs/cli-linux-arm64-musl	Patch
@biomejs/wasm-web	Patch
@biomejs/wasm-bundler	Patch
@biomejs/wasm-nodejs	Patch
@biomejs/backend-jsonrpc	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 770a5aa3-f05a-4f4e-bef3-42640bc2c4cd

📥 Commits

Reviewing files that changed from the base of the PR and between fea74d3 and 1b6eaad.

⛔ Files ignored due to path filters (1)

• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css.snap is excluded by !**/*.snap and included by **

📒 Files selected for processing (2)

• .changeset/fix-css-unicode-escape.md
• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css

🚧 Files skipped from review as they are similar to previous changes (1)

• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css

---

Walkthrough

This PR fixes the noUselessEscapeInString CSS lint rule. The lint now recognises CSS hex escapes (a backslash followed by 1–6 hex digits, e.g. \e7bb) as meaningful and no longer strips them from string literals. Tests and examples were updated to include valid hex-escape cases and adjust invalid examples accordingly.

Suggested reviewers

• ematipico
• denbezrukov
• dyc3

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main fix: preserving CSS unicode escapes in the noUselessEscapeInString rule.
Description check	✅ Passed	The description comprehensively explains the bug, the root cause, the changes made, and includes test results. It's directly related to the changeset.
Linked Issues check	✅ Passed	The PR fully addresses issue #9385 requirements: recognises valid CSS unicode escapes (backslash + 1–6 hex digits), preserves them by fixing the hex digit detection logic, and includes comprehensive test coverage.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the CSS unicode escape handling in noUselessEscapeInString—no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (2)

crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css (1)

8-22: Please add a case starting with 8 or 9 as well.

These fixtures cover escapes beginning with a–f / A–F, but none start with 8 or 9, which was the other half of the bug. A tiny sample like content: "\89" would lock that branch down too.

🧪 Minimal addition

 .g::after {
     content: "\AB12CD"
 }
+.h::after {
+    content: "\89"
+}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css`
around lines 8 - 22, Add a test case for a CSS unicode escape that starts with 8
or 9 to cover the missing branch; e.g., add a new rule similar to .g::after (or
a new .h::after) with content: "\89" (or "\8A" etc.) alongside the existing
.c/.d/.e/.f/.g cases so the parser branch handling escapes starting with 8/9 is
exercised.

.changeset/fix-css-unicode-escape.md (1)

5-5: Keep the changeset user-facing.

The second sentence dips into matcher internals; I’d trim it to the broken behaviour users actually saw.

✍️ Possible rewrite

-Fixed [`#9385`](https://github.com/biomejs/biome/issues/9385): the [`noUselessEscapeInString`](https://biomejs.dev/linter/rules/no-useless-escape-in-string/) rule no longer removes valid CSS unicode escape sequences (e.g. `\e7bb`, `\e644`) from string literals. Previously, backslashes followed by hex digits `8`–`9` and `a`–`f`/`A`–`F` were incorrectly treated as useless escapes, breaking iconfont `content` properties.
+Fixed [`#9385`](https://github.com/biomejs/biome/issues/9385): the [`noUselessEscapeInString`](https://biomejs.dev/linter/rules/no-useless-escape-in-string/) rule no longer strips valid CSS unicode escapes from string literals. This fixes broken iconfont `content` values caused by the autofix.

As per coding guidelines, changeset descriptions must be written for end users (explain impact and what changed), not developers (avoid implementation details).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.changeset/fix-css-unicode-escape.md at line 5, Update the changeset text in
.changeset/fix-css-unicode-escape.md to be user-facing: remove the internal
matcher detail about hex digit ranges and instead concisely state the observable
behavior and impact—e.g., that the noUselessEscapeInString rule no longer strips
valid CSS unicode escapes like “\e7bb”/“\e644”, which previously broke iconfont
content properties—so the description explains the user-facing fix and its
effect without implementation details.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.changeset/fix-css-unicode-escape.md:
- Line 5: Update the changeset text in .changeset/fix-css-unicode-escape.md to
be user-facing: remove the internal matcher detail about hex digit ranges and
instead concisely state the observable behavior and impact—e.g., that the
noUselessEscapeInString rule no longer strips valid CSS unicode escapes like
“\e7bb”/“\e644”, which previously broke iconfont content properties—so the
description explains the user-facing fix and its effect without implementation
details.

In
`@crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css`:
- Around line 8-22: Add a test case for a CSS unicode escape that starts with 8
or 9 to cover the missing branch; e.g., add a new rule similar to .g::after (or
a new .h::after) with content: "\89" (or "\8A" etc.) alongside the existing
.c/.d/.e/.f/.g cases so the parser branch handling escapes starting with 8/9 is
exercised.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 01aa2474-3e25-48b4-9736-3cbb613c1a89

📥 Commits

Reviewing files that changed from the base of the PR and between 71c7df6 and fea74d3.

⛔ Files ignored due to path filters (2)

• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/invalid.css.snap is excluded by !**/*.snap and included by **
• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css.snap is excluded by !**/*.snap and included by **

📒 Files selected for processing (4)

• .changeset/fix-css-unicode-escape.md
• crates/biome_css_analyze/src/lint/suspicious/no_useless_escape_in_string.rs
• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/invalid.css
• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css

[dyc3]

oh good, the ai figured out it was hex sequence that's allowed.

[xvchris]

Simplified the changeset to be more user-facing as suggested. Also added test cases for \89, \eezaf, and \edk to cover the edge cases you and @dyc3 brought up.

[codspeed-hq]

Merging this PR will not alter performance

✅ 29 untouched benchmarks
⏩ 187 skipped benchmarks¹

---

_{Comparing xvchris:fix/css-unicode-escape (1b6eaad) with main (776cb64)²}

Footnotes

1. 187 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on main (71c7df6) during the generation of this report, so 776cb64 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩

[xvchris]

@dyc3 Thanks for the review! I've addressed all the feedback and added the extra test cases. Could you re-approve when you get a chance? 🙏