[wp-trac] [WordPress Trac] #63568: WP_Font_Face: Font names that contain single quotes are not wrapped in double quotes
WordPress Trac
noreply at wordpress.org
Tue Nov 4 14:00:40 UTC 2025
#63568: WP_Font_Face: Font names that contain single quotes are not wrapped in
double quotes
-------------------------------------------------+-------------------------
Reporter: wildworks | Owner: audrasjb
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 6.9
Component: Editor | Version: 6.4
Severity: normal | Resolution:
Keywords: has-patch has-test-info has- | Focuses: ui
screenshots has-unit-tests needs-testing dev- |
feedback |
-------------------------------------------------+-------------------------
Comment (by dmsnell):
Thanks @wildworks for the ping. I will try and follow-up with this within
a few days, but in the meantime I fully trust what @jonsurrell has to say
on the matter. He’s even more knowledgeable on these mixed-environment
scenarios.
It does seem like the issue isn’t so much that font names with an
apostrophe cause problems, but rather that somewhere we have overlooked
the fact that CSS strings may need to be quoted and escaped, and I like
the direction he’s proposing to handle the generation of CSS strings given
a raw PHP input value.
In [https://github.com/WordPress/wordpress-develop/pull/9292 #9299] I was
working along a similar idea with `$wpdb` to properly escape “schema name
identifiers” (table names, column names, etc…) and reject outright those
which are truly invalid according to MySQL. There could be invalid or
unrepresentable font names, and sometimes it’s best to put that
understanding into the code, which also has the benefit of being able to
reliably skip quoting when unnecessary.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63568#comment:43>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list