Constant CSS values being sanitized #131

Closed
wedow opened this issue Aug 28, 2023 · 1 comment · Fixed by #133

wedow commented Aug 28, 2023

Hey there, thanks for making this great tool!

Playing with porting over some React code and noticed an inconsistency between the docs and CSS generation behaviour. The docs state "Within css blocks, property names, and constant CSS property values are not sanitized or escaped."

But given a CSS expression like

```templ
css primaryNav() {
	max-height: calc(100vh - 170px);
	overflow: auto;
}
```

templ generates

```go
templCSSBuilder.WriteString(`max-height:zTemplUnsafeCSSPropertyValue;`)
```

Which suggests the max-height value is being sent through safehtml.SanitizeCSS which rejects CSS functions. Is this expected behaviour? Is there a preferred alternative way to express this? I feel I must be overlooking something.

Owner

a-h commented Aug 28, 2023

Thanks for looking into this, I was able to reproduce the issue easily thanks to your great report. This is a bug - I can't see a reason why a constant value coming from a developer would be sanitized.

It looks like I was overzealous when I added CSS property sanitization to the system, or decided to use the existing sanitization function instead of printing the value, and the existing test suite didn't happen to contain a value that triggered the sanitization, and I didn't use any CSS expressions in my own work with templ so far so you found it first!
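
The distinction this thread turns on, as an added Go sketch that is not templ's or safehtml's code: values written literally in the template source are emitted verbatim, while runtime values go through a conservative sanitizer that rejects CSS functions. `sanitizeValue`, `cssProperty`, `buildCSS` and the allowlist regex are hypothetical; only the placeholder string comes from the generated output quoted in the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Placeholder string as it appears in the generated output quoted in the issue.
const unsafeValue = "zTemplUnsafeCSSPropertyValue"

// Assumed allowlist for this sketch (not safehtml's rules): keywords, numbers with units, hex colours.
var safeDynamicValue = regexp.MustCompile(`^(?:[a-zA-Z-]+|-?[0-9]*\.?[0-9]+(?:[a-z%]{0,4})|#[0-9a-fA-F]{3,8})$`)

// sanitizeValue replaces anything outside the allowlist, including calc() and url(), with the placeholder.
func sanitizeValue(v string) string {
	v = strings.TrimSpace(v)
	if safeDynamicValue.MatchString(v) {
		return v
	}
	return unsafeValue
}

// cssProperty is one declaration in a css block. Constant is true when the
// value was written literally in the template source by the developer.
type cssProperty struct {
	Name, Value string
	Constant    bool
}

// buildCSS emits constant values verbatim and sanitizes only runtime values.
func buildCSS(props []cssProperty) string {
	var b strings.Builder
	for _, p := range props {
		v := p.Value
		if !p.Constant {
			v = sanitizeValue(v)
		}
		b.WriteString(p.Name + ":" + v + ";")
	}
	return b.String()
}

func main() {
	fmt.Println(buildCSS([]cssProperty{
		{"max-height", "calc(100vh - 170px)", true},  // literal from the issue
		{"max-height", "calc(100vh - 170px)", false}, // same text as a runtime value
	}))
}
```

Treating a constant as if it were runtime input reproduces the reported output; the trust decision belongs at the point where the generator knows which kind of value it is handling.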
