CSS Custom Properties for Cascading Variables Module Level 1

1. Introduction

This section is not normative.

Large documents or applications (and even small ones) can contain quite a bit of CSS. Many of the values in the CSS file will be duplicate data; for example, a site may establish a color scheme and reuse three or four colors throughout the site. Altering this data can be difficult and error-prone, since it’s scattered throughout the CSS file (and possibly across multiple files), and may not be amenable to Find-and-Replace.

This module introduces a family of custom author-defined properties known collectively as custom properties, which allow an author to assign arbitrary values to a property with an author-chosen name, and the var() function, which allow an author to then use those values in other properties elsewhere in the document. This makes it easier to read large files, as seemingly-arbitrary values now have informative names, and makes editing such files much easier and less error-prone, as one only has to change the value once, in the custom property, and the change will propagate to all uses of that variable automatically.

1.1. Value Definitions

This specification follows the CSS property definition conventions from [CSS2] using the value definition syntax from [CSS-VALUES-3]. Value types not defined in this specification are defined in CSS Values & Units [CSS-VALUES-3]. Combination with other CSS modules may expand the definitions of these value types.

In addition to the property-specific values listed in their definitions, all properties defined in this specification also accept the CSS-wide keywords as their property value. For readability they have not been repeated explicitly.

2. Defining Custom Properties: the --* family of properties

This specification defines an open-ended set of properties called custom properties, which, among other things, are used to define the substitution value of var() functions.

User agents are expected to support this property on all media, including non-visual ones.

A custom property is any property whose name starts with two dashes (U+002D HYPHEN-MINUS), like --foo. The <custom-property-name> production corresponds to this: it’s defined as any <dashed-ident> (a valid identifier that starts with two dashes), except -- itself, which is reserved for future use by CSS. Custom properties are solely for use by authors and users; CSS will never give them a meaning beyond what is presented here.

:root {    --main-color: #06c;    --accent-color: #006;  }  /* The rest of the CSS file */  #foo h1 {    color: var(--main-color);  }  

Unlike other CSS properties, custom property names are not ASCII case-insensitive. Instead, custom property names are only equal to each other if they are identical to each other.

Operating systems, keyboards, or input methods sometimes encode visually-identical text using different codepoint sequences. Authors are advised to choose variable names that avoid potential confusion or to use escapes and other means to ensure that similar appearing sequences are identical. See Section 2.3 in [CHARMOD-NORM] for examples.

--fijord: red;  --fijord: green;  --fijord: blue;    .test {    background-color: var(--fijord);  }  

Custom properties are not reset by the all property. We may define a property in the future that resets all variables.

The CSS-wide keywords can be used in custom properties, with the same meaning as in any another property.

Note: That is, they’re interpreted at cascaded-value time as normal, and are not preserved as the custom property’s value, and thus are not substituted in by the corresponding variable.

Note: While this module focuses on the use of custom properties with the var() function to create “variables”, they can also be used as actual custom properties, parsed by and acted on by script. It’s expected that the CSS Extensions spec [CSS-EXTENSIONS] will expand on these use-cases and make them easier to do.

Custom properties are ordinary properties, so they can be declared on any element, are resolved with the normal inheritance and cascade rules, can be made conditional with @media and other conditional rules, can be used in HTML’s style attribute, can be read or set using the CSSOM, etc.

Notably, they can even be transitioned or animated, but since the UA has no way to interpret their contents, they always use the "flips at 50%" behavior that is used for any other pair of values that can’t be intelligently interpolated. However, any custom property used in a @keyframes rule becomes animation-tainted, which affects how it is treated when referred to via the var() function in an animation property.

Animation-tainted is "infectious": custom properties which reference animation-tainted properties also become animation-tainted.

:root {    --header-color: #06c;  }  

h1 { background-color: var(--header-color); }  

:root { --color: blue; }  div { --color: green; }  #alert { --color: red; }  * { color: var(--color); }    <p>I inherited blue from the root element!</p>  <div>I got green set directly on me!</div>  <div id='alert'>    While I got red set directly on me!    <p>I’m red too, because of inheritance!</p>  </div>  

:root,  :root:lang(en) {--external-link: "external link";}  :root:lang(el) {--external-link: "εξωτερικός σύνδεσμος";}    a[href^="http"]::after {content: " (" var(--external-link) ")"}  

2.1. Custom Property Value Syntax

The allowed syntax for custom properties is extremely permissive. The <declaration-value> production matches any sequence of one or more tokens, so long as the sequence does not contain <bad-string-token>, <bad-url-token>, unmatched <)-token>, <]-token>, or <}-token>, or top-level <semicolon-token> tokens or <delim-token> tokens with a value of "!".

In addition, if the value of a custom property contains a var() reference, the var() reference must be valid according to the specified var() grammar. If not, the custom property is invalid and must be ignored.

Note: This definition, along with the general CSS syntax rules, implies that a custom property value never includes an unmatched quote or bracket, and so cannot have any effect on larger syntax constructs, like the enclosing style rule, when reserialized.

Note: Custom properties can contain a trailing !important, but this is automatically removed from the property’s value by the CSS parser, and makes the custom property "important" in the CSS cascade. In other words, the prohibition on top-level "!" characters does not prevent !important from being used, as the !important is removed before syntax checking happens.

--foo: if(x > 5) this.width = 10;  

The values of custom properties, and the values of var() functions substituted into custom properties, are case-sensitive, and must be preserved in their original author-given casing. (Many CSS values are ASCII case-insensitive, which user agents can take advantage of by "canonicalizing" them into a single casing, but that isn’t allowed for custom properties.)

2.2. Guaranteed-Invalid Values

The initial value of a custom property is a guaranteed-invalid value. As defined in § 3 Using Cascading Variables: the var() notation, using var() to substitute a custom property with this as its value makes the property referencing it invalid at computed-value time.

This value serializes as the empty string, but actually writing an empty value into a custom property, like --foo: ;, is a valid (empty) value, not the guaranteed-invalid value. If, for whatever reason, one wants to manually reset a variable to the guaranteed-invalid value, using the keyword initial will do this.

2.3. Resolving Dependency Cycles

Custom properties are left almost entirely unevaluated, except that they allow and evaluate the var() function in their value. This can create cyclic dependencies where a custom property uses a var() referring to itself, or two or more custom properties each attempt to refer to each other.

For each element, create a directed dependency graph, containing nodes for each custom property. If the value of a custom property prop contains a var() function referring to the property var (including in the fallback argument of var()), add an edge between prop and the var. Edges are possible from a custom property to itself.

If there is a cycle in the dependency graph, all the custom properties in the cycle are invalid at computed-value time.

Note: Defined properties that participate in a dependency cycle either end up with invalid variables in their value (becoming invalid at computed-value time), or define their own cyclic handling (like font-size using em values). They do not compute to the guaranteed-invalid value like custom properties do.

:root {    --main-color: #c06;    --accent-background: linear-gradient(to top, var(--main-color), white);  }  

:root {    --one: calc(var(--two) + 20px);    --two: calc(var(--one) - 20px);  }  

It is important to note that custom properties resolve any var() functions in their values at computed-value time, which occurs before the value is inherited. In general, cyclic dependencies occur only when multiple custom properties on the same element refer to each other; custom properties defined on elements higher in the element tree can never cause a cyclic reference with properties defined on elements lower in the element tree.

<one><two><three /></two></one>  <style>  one   { --foo: 10px; }  two   { --bar: calc(var(--foo) + 10px); }  three { --foo: calc(var(--bar) + 10px); }  </style>  

3. Using Cascading Variables: the var() notation

The value of a custom property can be substituted into the value of another property with the var() function. The syntax of var() is:

var() = var( <custom-property-name> , <declaration-value>? )  

In an exception to the usual comma elision rules, which require commas to be omitted when they’re not separating values, a bare comma, with nothing following it, must be treated as valid in var(), indicating an empty fallback value.

Note: That is, var(--a,) is a valid function, specifying that if the --a custom property is invalid or missing, the var() should be replaced with nothing.

The var() function can be used in place of any part of a value in any property on an element. The var() function can not be used as property names, selectors, or anything else besides property values. (Doing so usually produces invalid syntax, or else a value whose meaning has no connection to the variable.)

.foo {    --side: margin-top;    var(--side): 20px;  }  

The first argument to the function is the name of the custom property to be substituted. The second argument to the function, if provided, is a fallback value, which is used as the substitution value when the value of the referenced custom property is the guaranteed-invalid value.

Note: The syntax of the fallback, like that of custom properties, allows commas. For example, var(--foo, red, blue) defines a fallback of red, blue; that is, anything between the first comma and the end of the function is considered a fallback value.

/* In the component’s style: */  .component .header {    color: var(--header-color, blue);  }  .component .text {    color: var(--text-color, black);  }    /* In the larger application’s style: */  .component {    --text-color: #080;    /* header-color isn’t set,       and so remains blue,       the fallback value */  }  

If a property contains one or more var() functions, and those functions are syntactically valid, the entire property’s grammar must be assumed to be valid at parse time. It is only syntax-checked at computed-value time, after var() functions have been substituted.

To substitute a var() in a property’s value:

1. If the custom property named by the first argument to the var() function is animation-tainted, and the var() function is being used in a property that is not animatable, treat the custom property as having its initial value for the rest of this algorithm.
2. If the value of the custom property named by the first argument to the var() function is anything but the initial value, replace the var() function by the value of the corresponding custom property.
3. Otherwise, if the var() function has a fallback value as its second argument, replace the var() function by the fallback value. If there are any var() references in the fallback, substitute them as well.
4. Otherwise, the property containing the var() function is invalid at computed-value time.

   Note: Other things can also make a property invalid at computed-value time.

.foo {    --gap: 20;    margin-top: var(--gap)px;  }  

.foo {    --gap: 20;    margin-top: calc(var(--gap) * 1px);  }  

var() functions are substituted at computed-value time. If a declaration, once all var() functions are substituted in, does not match its declared grammar, the declaration is invalid at computed-value time.

If a declaration, once all var() functions are substituted in, contains only a CSS-wide keyword (and possibly whitespace), its value is determined as if that keyword were its specified value all along.

:root { --looks-valid: 20px; }  p { background-color: var(--looks-valid); }  

p { color: var(--does-not-exist, initial); }  

3.1. Invalid Variables

When a custom property’s value is the guaranteed-invalid value, var() functions cannot use it for substitution. Attempting to do so makes the declaration invalid at computed-value time, unless a valid fallback is specified.

A declaration can be invalid at computed-value time if it contains a var() that references a custom property with the guaranteed-invalid value, as explained above, or if it uses a valid custom property, but the property value, after substituting its var() functions, is invalid. When this happens, the computed value is one of the following depending on the property’s type:

The property is a non-registered custom property

The property is a registered custom property with universal syntax

The computed value is the guaranteed-invalid value.

Otherwise

Either the property’s inherited value or its initial value depending on whether the property is inherited or not, respectively, as if the property’s value had been specified as the unset keyword.

:root { --not-a-color: 20px; }  p { background-color: red; }  p { background-color: var(--not-a-color); }  

Note: The invalid at computed-value time concept exists because variables can’t "fail early" like other syntax errors can, so by the time the user agent realizes a property value is invalid, it’s already thrown away the other cascaded values.

3.2. Variables in Shorthand Properties

var() functions produce some complications when parsing shorthand properties into their component longhands, and when serializing shorthand properties from their component longhands.

If a shorthand property contains a var() function in its value, the longhand properties it’s associated with must instead be filled in with a special, unobservable-to-authors pending-substitution value that indicates the shorthand contains a variable, and thus the longhand’s value can’t be determined until variables are substituted.

This value must then be cascaded as normal, and at computed-value time, after var() functions are finally substituted in, the shorthand must be parsed and the longhands must be given their appropriate values at that point.

Note: When a shorthand is written without a var(), it is parsed and separated out into its component longhand properties at parse time; the longhands then participate in the cascade, with the shorthand property more or less discarded. When the shorthand contains a var(), however, this can’t be done, as the var() could be substituted with anything.

Pending-substitution values must be serialized as the empty string, if an API allows them to be observed.

Shorthand properties are serialized by gathering the values of their component longhand properties, and synthesizing a value that will parse into the same set of values.

If all of the component longhand properties for a given shorthand are pending-substitution values from the same original shorthand value, the shorthand property must serialize to that original (var()-containing) value.

Otherwise, if any of the component longhand properties for a given shorthand are pending-substitution values, or contain var() functions of their own that have not yet been substituted, the shorthand property must serialize to the empty string.

3.3. Safely Handling Overly-Long Variables

Naively implemented, var() functions can be used in a variation of the "billion laughs attack":

.foo {    --prop1: lol;    --prop2: var(--prop1) var(--prop1);    --prop3: var(--prop2) var(--prop2);    --prop4: var(--prop3) var(--prop3);    /* etc */  }  

To avoid this sort of attack, UAs must impose a UA-defined limit on the allowed length of the token stream that a var() function expands into. If a var() would expand into a longer token stream than this limit, it instead makes the property it’s expanding into invalid at computed-value time.

This specification does not define what size limit should be imposed. However, since there are valid use-cases for custom properties that contain a kilobyte or more of text, it’s recommended that the limit be set relatively high.

Note: The general principle that UAs are allowed to violate standards due to resource constraints is still generally true here; a UA might, separately, have limits on how long of a custom property they can support, or how large of an identifier they can support. This section calls out this attack specifically because of its long history, and the fact that it can be done without any of the pieces seeming to be too large on first inspection.

4. APIs

All custom property declarations have the case-sensitive flag set.

Note: Custom properties do not appear on a CSSStyleDeclaration object in camel-cased form, because their names may have both upper and lower case letters which indicate distinct custom properties. The sort of text transformation that automatic camel-casing performs is incompatible with this. They can still be accessed by their proper name via getPropertyValue()/etc.

4.1. Serializing Custom Properties

Custom property names must be serialized as the exact code point sequence provided by the author, including not altering the case.

Note: For non-custom properties, property names are restricted to the ASCII range and are ASCII case-insensitive, so implementations typically serialize the name lowercased.

Specified values of custom properties must be serialized exactly as specified by the author. Simplifications that might occur in other properties, such as dropping comments, normalizing whitespace, reserializing numeric tokens from their value, etc., must not occur.

Computed values of custom properties must similarly be serialized exactly as specified by the author, save for the replacement of any var() functions.

--y: /* baz */;  --x: /* foo */ var(--y) /* bar */;  

5. Changes

5.1. Changes Since the 11 November 2021 CR Draft

• Clarified that custom properties apply all pseudo-elements (including those with restricted property lists)

• Added example to illustrate issues with combining characters, ligatures, etc

• Strengthened wording around similar-appearing variable names that use distinct codepoint sequences

• Clarified an example by using more visualy distinct languages as examples (English and Greek)

• Split Security and Privacy into separate sections

5.2. Changes Since the 03 December 2015 CR

• Now that [css-syntax-3] auto-trims whitespace from declaration values, made <declaration-value> optional in the custom property grammar, so that empty variables are still allowed. (Issue 774)

• Similarly, made empty fallbacks valid in var().

• The '-' property is reserved for future use by CSS.

• Added concept of "animation-tainted", to prevent non-animatable properties from using a variable to smuggle in some animatability.

• Defined the guaranteed-invalid value to make the initial value of custom properties and the result of cycles or substitution failure more straightforward, and allow failure to propagate thru substitutions until finally intercepted by a fallback.

• Defined that cycles trigger invalid at computed-value time behavior.

• Allowed variables to resolve to a CSS-wide keyword (only possible by providing it as a fallback).

• Clarified that registered custom properties act like non-custom properties when they’re invalid at computed-value time.

• Made longhands with var()s also trigger their shorthands to be unserializable, like longhands with pending-substitution values already did.

• Required UAs to defend against exponential substitution attacks.

• Defined how to serialize the values of custom properties (previously, only the property name’s serialization was specified).

5.3. Changes since the May 6 2014 Last Call Working Draft

• Serialization of longhands when shorthand uses a variable was defined.

• Link to DOM’s definition of "case-sensitive".

• Added example of using variables with :lang() to do simple i18n.

• Clarified that usage of var() in a custom property must be valid per the var() grammar.

6. Acknowledgments

Many thanks to several people in the CSS Working Group for keeping the dream of variables alive over the years, particularly Daniel Glazman and David Hyatt. Thanks to multiple people on the mailing list for helping contribute to the development of this incarnation of variables, particularly Brian Kardell, David Baron, François Remy, Roland Steiner, and Shane Stephens.

7. Privacy Considerations

This specification defines a purely author-level mechanism for passing styling information around within a page they control. As such, there are no new privacy considerations.

8. Security Considerations

§ 3.3 Safely Handling Overly-Long Variables calls out a long-standing Denial-of-Service attack that can be mounted against "macro-expansion"-like mechanisms, such as the var() function, and mandates a defense against that attack.