Prevent CSS leaks by restricting form-builder styles to WPUF pages only

[arifulhoque7]

Close #1693

Bug Fix: Prevent WPUF Form Builder CSS from affecting all WP Admin pages

Problem
The wpuf-admin-form-builder.css file contained the @tailwind base directive, which applies a global CSS reset (e.g., margin: 0, padding: 0, border resets). Since the stylesheet was being enqueued globally, it caused visual inconsistencies and broke styling on unrelated WordPress admin pages.

Root Cause
The CSS was enqueued unconditionally in:

1. includes/Admin/Posting.php:108 → wp_enqueue_style('wpuf-admin-form-builder')
2. includes/Admin/Forms/Post/Templates/Form_Template.php:85 → same enqueue call

Because these enqueue calls had no page restrictions, Tailwind’s reset styles leaked into every admin page, affecting WordPress core UI, plugins, and themes.

Investigation Notes

• This issue was difficult and time-consuming to debug because the CSS reset blended with native WordPress styles.
• At first glance, the broken layouts appeared unrelated to WPUF, making it tricky to identify the true source.
• Only after carefully isolating and testing across multiple admin screens was the actual cause (unscoped Tailwind base styles) discovered.
• The process took significantly more effort than a normal bugfix due to the subtle and widespread impact.

Solution

• Added conditional enqueue logic using get_current_screen().
• Styles are now only loaded when the current admin screen is related to WPUF ($screen->id or $screen->base contains wpuf).
• Restored @tailwind base in the source file since scoping is safely handled at the enqueue level.

Testing

• Verified CSS only loads on WPUF-specific admin screens.
• Checked multiple WordPress admin pages to ensure no unintended style overrides remain.
• Confirmed full functionality of the form builder and backward compatibility.

---

✅ This resolves the global CSS leakage issue.
⚡️ Debugging this took much longer than a typical fix because the problem was deeply hidden and only revealed itself after exhaustive analysis.

Summary by CodeRabbit

• New Features

  • None

• Style

  • Introduced comprehensive base styles (Tailwind Preflight) for a more consistent form builder UI.
  • Organized component styles into layers and scoped background styling to the content area for WPUF admin pages.

• Bug Fixes

  • Resolved unintended style overrides by preventing CSS from affecting unrelated admin pages.

• Refactor

  • Loaded admin assets only via WPUF-specific hooks for post and registration form builders, reducing impact on other admin screens and improving performance.

[coderabbitai]

Walkthrough

Replaces minimal admin form-builder CSS with Tailwind Preflight/base and component layering, narrows the white-background selector to #wpcontent, and changes admin enqueue hooks so form-builder assets load only on WPUF-related admin screens. No public APIs changed.

Changes

Cohort / File(s)	Summary
Form builder CSS: Tailwind base & layers assets/css/admin/form-builder.css, src/css/admin/form-builder.css	Adds Tailwind @tailwind base; (Preflight) and wraps component rules in @layer components { ... }; moves white-background rule from multiple body-based selectors to #wpcontent { background: #fff; }.
Admin enqueue gating includes/Admin/Forms/Post/Templates/Form_Template.php, includes/Admin/Posting.php	Replaces unconditional admin_enqueue_scripts registration with WPUF-specific hooks (wpuf_load_post_forms, wpuf_load_registration_forms) and binds the form-template enqueue to wpuf_load_post_forms, so styles/scripts load only on WPUF admin screens.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~40 minutes

Possibly related PRs

• Fix/css scope conflict 1693 #1699 — Edits the same admin form-builder CSS and #wpcontent background scoping.
• Feature/template filtering search in post form #1621 — Modifies admin stylesheet loading behavior and form-builder CSS.
• Fix admin height issues by unsetting height constraints #1615 — Adjusts admin CSS targeting around #wpcontent/footer selectors.

Suggested labels

needs: dev review

Suggested reviewers

• sapayth

Pre-merge checks (5 passed)

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The current title clearly and concisely summarizes the primary change of preventing CSS leaks by restricting form-builder styles to WPUF pages only, without extraneous details or vague wording.
Linked Issues Check	✅ Passed	The pull request applies conditional enqueue logic via wpuf-specific hooks and refines CSS scoping to #wpcontent and WPUF admin screens, directly addressing the need to prevent the admin stylesheet from overriding global styles and ensuring it only affects WPUF pages [#1693].
Out of Scope Changes Check	✅ Passed	All modifications are focused on CSS scoping and conditional enqueueing to resolve the linked issue and there are no unrelated changes to other functionality or code areas.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

A rabbit hops through stylesheet rows,
Preflight winds where Tailwind blows.
I scope the white to #wpcontent bright,
Enqueue on WPUF when screens say right.
Hop, compile, and nibble the night. 🐇✨

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (9)

assets/css/admin/form-builder.css (3)

1008-1027: Duplicate transition declarations — trim to reduce size.

This rule repeats transition-property and transition-timing-function multiple times, bloating the CSS. Consider enabling cssnano’s duplicate removal (postcss-merge-rules) in the build to dedupe across the bundle.

---

6082-6084: Background override scope looks safe; optional extra scoping.

#wpcontent { background:#fff } is acceptable since the CSS now loads only on WPUF pages. If you want belt-and-suspenders isolation, add a WPUF body class to the selector.

-#wpcontent {
+body[class*="wpuf"] #wpcontent {
   background: #fff;
 }

---

6398-6414: Static analysis: possible duplicate property (outline).

Biome flagged a duplicate property around here. I couldn’t pinpoint a visible break, but duplicates do exist elsewhere. Running a dedupe/minify pass in the build would clear this and shrink output.

src/css/admin/form-builder.css (2)

121-129: FontAwesome dependency for selectize arrow.

Using content: '\f107' requires FA to be loaded on those screens. If FA isn’t guaranteed, consider a pure-CSS caret or Dashicons for consistency with WP.

-.selectize-control.single .selectize-input:after {
-    content: '\f107';
-    font-family: FontAwesome, serif;
+/* Use Dashicons caret-down (ensure dashicons is enqueued) */
+.selectize-control.single .selectize-input:after {
+    content: "\f140";
+    font-family: "dashicons";

---

188-216: Hard-coded green for range inputs.

If this control appears, tie colors to your primary theme token to keep branding consistent.

-    background: green;
+    background: var(--fallback-p, #059669);
...
-    background: green;
+    background: var(--fallback-p, #059669);

includes/Admin/Forms/Post/Templates/Form_Template.php (2)

85-89: Scoped enqueue is correct; harden screen checks.

Guard against null/undefined properties to avoid PHP 8 type errors on unusual screens.

-        $screen = get_current_screen();
-        if ($screen && (strpos($screen->id, 'wpuf') !== false || strpos($screen->base, 'wpuf') !== false)) {
+        $screen = function_exists('get_current_screen') ? get_current_screen() : null;
+        $id   = $screen && isset($screen->id) ? (string) $screen->id : '';
+        $base = $screen && isset($screen->base) ? (string) $screen->base : '';
+        if ( $screen && ( ($id !== '' && strpos($id, 'wpuf') !== false) || ($base !== '' && strpos($base, 'wpuf') !== false) ) ) {
             wp_enqueue_style( 'wpuf-admin-form-builder' );
         }

---

79-85: Avoid drift: centralize “is WPUF screen?” logic.

enqueue_scripts() already uses should_display() for deps; this additional screen sniffing is fine but duplicates logic with Posting::enqueue_script(). Consider extracting a helper (e.g., wpuf_is_wpuf_admin_screen()) to keep criteria in one place.

Also applies to: 85-90

includes/Admin/Posting.php (2)

108-112: Good gating; add defensive casts to prevent notices.

Cast screen properties to string before strpos to avoid type errors and align with other usages.

-        $screen = get_current_screen();
-        if ($screen && (strpos($screen->id, 'wpuf') !== false || strpos($screen->base, 'wpuf') !== false)) {
+        $screen = function_exists('get_current_screen') ? get_current_screen() : null;
+        $id   = $screen && isset($screen->id) ? (string) $screen->id : '';
+        $base = $screen && isset($screen->base) ? (string) $screen->base : '';
+        if ( $screen && ( ($id !== '' && strpos($id, 'wpuf') !== false) || ($base !== '' && strpos($base, 'wpuf') !== false) ) ) {
             wp_enqueue_style( 'wpuf-admin-form-builder' );
         }

---

108-112: Double-check coverage of non-WPUF edit screens.

If WPUF meta boxes appear on core post/page edit screens (screen IDs like “post”/“page”), this gate will skip form-builder CSS there. Verify the UI doesn’t regress; if needed, enqueue a smaller, metabox-only stylesheet on those screens instead of the full builder CSS.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ef1cc36 and 1723c6b.

📒 Files selected for processing (4)

• assets/css/admin/form-builder.css (2 hunks)
• includes/Admin/Forms/Post/Templates/Form_Template.php (1 hunks)
• includes/Admin/Posting.php (1 hunks)
• src/css/admin/form-builder.css (2 hunks)

🧰 Additional context used

🪛 Biome (2.1.2)

assets/css/admin/form-builder.css

[error] 641-641: Duplicate properties can lead to unexpected behavior and may override previous declarations unintentionally.

outline is already defined here.

Remove or rename the duplicate property to ensure consistent styling.

(lint/suspicious/noDuplicateProperties)

🔇 Additional comments (3)

assets/css/admin/form-builder.css (1)

1-3: Preflight in compiled CSS is acceptable given scoped enqueue.

Including Tailwind Preflight here is fine now that the stylesheet is gated to WPUF screens only. No action needed.

src/css/admin/form-builder.css (2)

1-1: Good call switching on Tailwind base in source.

This aligns source with the compiled Preflight and keeps intent clear.

---

53-55: Confirm no clash with admin color schemes.

For sites using custom admin color schemes or dark-mode plugins, verify that forcing #fff on #wpcontent is desired on WPUF pages.

[sapayth]

instead of checking the current screen, can we use wpuf_load_post_forms hook? wpuf_load_post_forms hook fires only on wpuf post form page

[sapayth]

instead of checking the current screen, can we use wpuf_load_post_forms hook? wpuf_load_post_forms hook fires only on wpuf post form page

[arifulhoque7]

done @sapayth vai

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

includes/Admin/Forms/Post/Templates/Form_Template.php (2)

36-51: LearnPress deregistration check is ineffective; it never matches the handle.

wp_list_pluck(..., 'src') yields numeric keys, so array_key_exists('learn-press-admin', $sources) is always false. The conflicting style will not be removed on WPUF screens.

Apply:

-        $sources = wp_list_pluck( $wp_styles->registered, 'src' );
-
-        // Look for any pre-existing learn-press style
-        $result = array_key_exists( 'learn-press-admin', $sources );
-
-        if ( $result ) {
-            wp_deregister_style( 'learn-press-admin' );
-        }
+        // Remove LearnPress admin CSS on WPUF screens only.
+        if ( wp_style_is( 'learn-press-admin', 'enqueued' ) ) {
+            wp_dequeue_style( 'learn-press-admin' );
+        }
+        if ( wp_style_is( 'learn-press-admin', 'registered' ) ) {
+            wp_deregister_style( 'learn-press-admin' );
+        }

---

58-72: Harden should_display() against null current screen.

On some load paths custom hooks can fire before get_current_screen() is ready. Accessing ->id on null would fatal.

-        $current_screen    = get_current_screen();
+        if ( ! function_exists( 'get_current_screen' ) ) {
+            return false;
+        }
+        $current_screen = get_current_screen();
+        if ( ! $current_screen ) {
+            return false;
+        }

♻️ Duplicate comments (1)

includes/Admin/Forms/Post/Templates/Form_Template.php (1)

15-16: Good switch to a page-scoped hook for enqueues.

Moving enqueues to wpuf_load_post_forms aligns with the goal of preventing global CSS leaks and matches prior feedback. Approved.

🧹 Nitpick comments (1)

includes/Admin/Forms/Post/Templates/Form_Template.php (1)

74-86: Redundant guard; the hook is already page-scoped.

enqueue_scripts() is hooked to wpuf_load_post_forms, so should_display() is unnecessary and can introduce a false negative if get_current_screen() is unavailable at that moment.

-        if ( ! $this->should_display() ) {
-            return;
-        }

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1723c6b and ef63aa2.

📒 Files selected for processing (2)

• includes/Admin/Forms/Post/Templates/Form_Template.php (1 hunks)
• includes/Admin/Posting.php (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• includes/Admin/Posting.php