fix(css): preserve CSS unicode escapes in noUselessEscapeInString

[xvchris]

AI Assistance Disclosure: This PR was developed with AI assistance for code review and test case generation. All changes were manually reviewed and verified.

Summary

Fixes #9385

The noUselessEscapeInString rule incorrectly flagged CSS unicode escape sequences (e.g. \e7bb, \e644) as useless escapes and its auto-fix stripped the backslash, breaking iconfont content declarations.

Root Cause

In next_useless_escape(), the hex digit range after a backslash was b'0'..=b'7', which only covers octal-range digits. CSS unicode escapes use the full hex range: \ followed by 1-6 hex digits (0-9, a-f, A-F). Characters like \e, \a, \8, \9, \c, \d were incorrectly treated as useless escapes.

Fix

Expanded the recognized hex digit range to b'0'..=b'9' | b'a'..=b'f' | b'A'..=b'F'. The previously separate b'b' and b'f' entries (for \b and \f) are now subsumed by the a-f range — this is correct since in CSS strings, \b and \f are unicode escapes for U+000B and U+000F respectively, not C-style control character escapes.

Test Plan

• Updated the invalid test to use \z (truly useless) instead of \a (valid hex escape)
• Added valid test cases for CSS unicode escapes: \e7bb, \e644, \AB12, \39
• All snapshots updated and tests pass

Docs

N/A — This is a bugfix to an existing lint rule. No new rules, actions, or options are introduced.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 07ae68c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3f95000e-13fd-4005-9731-e64a291f1298

📥 Commits

Reviewing files that changed from the base of the PR and between f8dbbdb and 07ae68c.

📒 Files selected for processing (1)

• crates/biome_css_analyze/src/lint/suspicious/no_useless_escape_in_string.rs

---

Walkthrough

The CSS noUselessEscapeInString lint rule's escape recognition was changed: digits 0–9 and hex digits A–F/a–f are now treated as meaningful in escapes (expanded from 0–7), and explicit handling for \b and \f was removed. Tests were updated and new cases added for unicode escapes like \e7bb, \e644, \AB12, and \39.

🚥 Pre-merge checks | ✅ 4

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: fixing the noUselessEscapeInString rule to preserve CSS unicode escapes.
Description check	✅ Passed	The description clearly explains the bug fix, root cause, solution, and test updates related to the CSS unicode escape handling.
Linked Issues check	✅ Passed	The PR successfully addresses issue #9385 by expanding hex digit recognition from 0-7 to 0-9 and a-f/A-F, preventing valid CSS unicode escapes from being flagged as useless.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to fixing the noUselessEscapeInString rule for CSS unicode escapes; no unrelated modifications detected.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css (1)

8-19: Add one single-digit hex escape to pin the edge case.

These cases cover multi-digit escapes nicely, but they do not prove that lone hex escapes like \a, \b, or \f stay valid after dropping the explicit branches. One tiny fixture here would keep that regression firmly boxed in.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css`
around lines 8 - 19, Add a single-digit hex escape fixture to this test by
adding a new rule (e.g., .icon-single-digit:before) near the other examples and
set its content to a one-digit unicode escape like "\a" (so the rule looks like
.icon-single-digit:before { content: "\a" }). This pins the edge case for lone
hex escapes without changing existing multi-digit examples such as
.icon-digit:before or .icon-hex:before.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@crates/biome_css_analyze/src/lint/suspicious/no_useless_escape_in_string.rs`:
- Around line 112-114: Update the rustdoc example in the docstring of the lint
in no_useless_escape_in_string.rs so it uses a truly useless escape (e.g. "\z")
instead of "\a" which is now considered a meaningful hex-related escape; locate
the example in the doc comment for the lint (the rustdoc block around the rule
implementation) and replace the invalid example string, and run cargo test /
rustdoc checks to ensure the documentation example matches the new hex-handling
behavior.

---

Nitpick comments:
In
`@crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css`:
- Around line 8-19: Add a single-digit hex escape fixture to this test by adding
a new rule (e.g., .icon-single-digit:before) near the other examples and set its
content to a one-digit unicode escape like "\a" (so the rule looks like
.icon-single-digit:before { content: "\a" }). This pins the edge case for lone
hex escapes without changing existing multi-digit examples such as
.icon-digit:before or .icon-hex:before.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 18916fd3-d430-44cd-980a-391ca4d76110

📥 Commits

Reviewing files that changed from the base of the PR and between 1bb9edc and f8dbbdb.

⛔ Files ignored due to path filters (2)

• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/invalid.css.snap is excluded by !**/*.snap and included by **
• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css.snap is excluded by !**/*.snap and included by **

📒 Files selected for processing (3)

• crates/biome_css_analyze/src/lint/suspicious/no_useless_escape_in_string.rs
• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/invalid.css
• crates/biome_css_analyze/tests/specs/suspicious/noUselessEscapeInString/valid.css

[codspeed-hq]

Merging this PR will not alter performance

✅ 29 untouched benchmarks
⏩ 187 skipped benchmarks¹

---

_{Comparing xvchris:fix/css-unicode-escape-content (07ae68c) with main (776cb64)²}

Footnotes

1. 187 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on main (1bb9edc) during the generation of this report, so 776cb64 was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩