Hello,
The "css code" option on the panelizer settings page is using the ctools filter.
This is somewhat annoying as it removes a lot of rules that are important.
* if the css has "min-height" the will remove the entry
* all media queries
* most of the css3 rules
The media queries problem is particularly annoying has this box should only be used to small fixes or exceptions per page. And most of this small exceptions come up when reviewing the secondary layout (mobile on desktop first website and desktop on mobile first websites).
As far as security goes, I don't think this is an issue as all the code is loaded from a css file and parsed as css. On top of that, for an user to edit this value he should have a particularly high access level.
Please review as I think this box is useful but, as is, is not reliable enough to be used.
The correction is just to place a third argument (FALSE) on ctools_css_store (2 entries on PanelizerEntityDefault.class.php).
| Comment | File | Size | Author |
|---|---|---|---|
| #3 | panelizer-css-filter-variable-2904665.patch | 748 bytes | hadsie |
Comments
Comment #2
Jorrit commentedNeeds Review is only used for issues that have a working patch attached.
Comment #3
hadsie commentedHere's a patch to add a variable called
panelizer_css_filter_enabledthat will bypass the CSS filtering if a site needs that.