diff --git a/src/wp-admin/includes/class-wp-posts-list-table.php b/src/wp-admin/includes/class-wp-posts-list-table.php
index fc039a7573f19..ce3484ff364e6 100644
--- a/src/wp-admin/includes/class-wp-posts-list-table.php
+++ b/src/wp-admin/includes/class-wp-posts-list-table.php
@@ -1122,7 +1122,7 @@ public function column_title( $post ) {
 				if ( get_option( 'wp_collaboration_enabled' ) ) {
 					$locked_avatar = '';
 					/* translators: Collaboration status message for a singular post in the post list. Can be any type of post. */
-					$locked_text   = esc_html_x( 'Currently being edited', 'post list' );
+					$locked_text = esc_html_x( 'Currently being edited', 'post list' );
 				} else {
 					$lock_holder   = get_userdata( $lock_holder );
 					$locked_avatar = get_avatar( $lock_holder->ID, 18 );
diff --git a/src/wp-includes/css-api/class-wp-css-builder.php b/src/wp-includes/css-api/class-wp-css-builder.php
new file mode 100644
index 0000000000000..56ae7a5ba009a
--- /dev/null
+++ b/src/wp-includes/css-api/class-wp-css-builder.php
@@ -0,0 +1,241 @@
+<?php
+
+abstract class WP_CSS_Builder {
+	/**
+	 * Create a CSS ident token from a plain PHP string value.
+	 *
+	 * Characters not valid in CSS identifiers are hex-escaped. This uses
+	 * the same safety escaping as {@see WP_CSS_Builder::string()} for HTML
+	 * and CSS-sensitive characters, plus escaping of whitespace and other
+	 * characters not permitted in idents.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#escaping
+	 * @see https://www.w3.org/TR/css-syntax-3/#would-start-an-identifier
+	 *
+	 * @param string $value Decoded string value to encode as a CSS ident.
+	 * @return string CSS ident token text.
+	 */
+	public static function ident( string $value ): string {
+		$value  = wp_scrub_utf8( $value );
+		$result = '';
+		$length = strlen( $value );
+
+		for ( $i = 0; $i < $length; $i++ ) {
+			$byte = ord( $value[ $i ] );
+
+			// NULL → U+FFFD REPLACEMENT CHARACTER.
+			if ( 0x00 === $byte ) {
+				$result .= "\u{FFFD}";
+				continue;
+			}
+
+			// Non-ASCII bytes (≥ 0x80): valid in idents, pass through.
+			if ( $byte >= 0x80 ) {
+				$result .= $value[ $i ];
+				continue;
+			}
+
+			// ASCII letters and underscore: always valid in idents.
+			if (
+				( $byte >= 0x41 && $byte <= 0x5A ) || // A-Z
+				( $byte >= 0x61 && $byte <= 0x7A ) || // a-z
+				0x5F === $byte                         // _
+			) {
+				$result .= $value[ $i ];
+				continue;
+			}
+
+			// Hyphen: valid in idents, but check for hyphen-digit at start.
+			if ( 0x2D === $byte ) {
+				// Hyphen at position 0 followed by a digit at position 1: escape the digit.
+				if ( 0 === $i && $i + 1 < $length && ord( $value[ $i + 1 ] ) >= 0x30 && ord( $value[ $i + 1 ] ) <= 0x39 ) {
+					$result .= '-';
+					++$i;
+					$result .= sprintf( '\\%X ', ord( $value[ $i ] ) );
+					continue;
+				}
+				$result .= '-';
+				continue;
+			}
+
+			// Digits: valid except at position 0.
+			if ( $byte >= 0x30 && $byte <= 0x39 ) {
+				if ( 0 === $i ) {
+					$result .= sprintf( '\\%X ', $byte );
+				} else {
+					$result .= $value[ $i ];
+				}
+				continue;
+			}
+
+			// Everything else: hex-escape.
+			$result .= sprintf( '\\%X ', $byte );
+		}
+
+		return $result;
+	}
+
+	/**
+	 * Create a quoted CSS string from a plain PHP string value.
+	 *
+	 * Example:
+	 *     $value = 'CSS & a "<style>" tag\'s strings';
+	 *     $css_string = WP_CSS_Builder::string( $value );
+	 *     echo "<style>*::before { content: {$css_string}; }</style>";
+	 *
+	 * CSS strings are quoted many characters that are problematic in HTML
+	 * or may be complicated for rudimentary CSS or HTML processors to handle
+	 * are encoded using Unicode escape sequences.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#escaping
+	 */
+	public static function string( string $value ): string {
+		$value   = wp_scrub_utf8( $value );
+		$escaped = strtr(
+			$value,
+			array(
+				// Escape existing backslashes to prevent unintentional escapes in result.
+				'\\'   => '\\5C ',
+
+				// Pre-processing replaces NULLs and some newlines. Replace and escape as necessary.
+				"\0"   => "\u{FFFD}",
+
+				// Normalize and replace newlines. https://www.w3.org/TR/css-syntax-3/#input-preprocessing
+				"\r\n" => '\\A ',
+				"\r"   => '\\A ',
+				"\f"   => '\\A ',
+
+				// Newlines must be escaped in CSS strings.
+				"\n"   => '\\A ',
+
+				// Arbitrary characters for Unicode escaping:
+
+				// HTML syntax may be problematic.
+				'<'    => '\\3C ',
+				'>'    => '\\3E ',
+				'&'    => '\\26 ',
+
+				// CSS syntax may be problematic.
+				','    => '\\2C ',
+				';'    => '\\3B ',
+				'{'    => '\\7B ',
+				'}'    => '\\7D ',
+				'"'    => '\\22 ',
+				"'"    => '\\27 ',
+			)
+		);
+		return "\"{$escaped}\"";
+	}
+
+	public static function normalize_and_escape_css( string $css ): string {
+		$css = wp_scrub_utf8( $css );
+		$processor = WP_CSS_Token_Processor::create( $css );
+		if ( null === $processor ) {
+			return '';
+		}
+
+		$normalized_css = '';
+
+		while ( $processor->next_token() ) {
+			switch ( $processor->get_token_type() ) {
+
+				// Basic punctuation:
+				case WP_CSS_Token_Processor::TOKEN_SEMICOLON: $normalized_css .= ';'; break;
+				case WP_CSS_Token_Processor::TOKEN_COMMA: $normalized_css .= ','; break;
+				case WP_CSS_Token_Processor::TOKEN_WHITESPACE: $normalized_css .= ' '; break;
+				case WP_CSS_Token_Processor::TOKEN_COLON: $normalized_css .= ':'; break;
+
+				// Paired punctuation:
+				case WP_CSS_Token_Processor::TOKEN_LEFT_BRACE: $normalized_css .= '{'; break;
+				case WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE: $normalized_css .= '}'; break;
+				case WP_CSS_Token_Processor::TOKEN_LEFT_PAREN: $normalized_css .= '('; break;
+				case WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN: $normalized_css .= ')'; break;
+				case WP_CSS_Token_Processor::TOKEN_LEFT_BRACKET: $normalized_css .= '['; break;
+				case WP_CSS_Token_Processor::TOKEN_RIGHT_BRACKET: $normalized_css .= ']'; break;
+
+				// "@" + ident
+				case WP_CSS_Token_Processor::TOKEN_AT_KEYWORD:
+					$normalized_css .= '@' . self::ident( $processor->get_token_value() );
+					break;
+
+				// ident + "("
+				case WP_CSS_Token_Processor::TOKEN_FUNCTION:
+					$normalized_css .= self::ident( $processor->get_token_value() ) . '(';
+					break;
+
+				/*
+				 * Hash tokens are not idents but their value can be escaped as such.
+				 *
+				 *     ‖→ "#" →─┐   ┌──────────────────────────────┐   ┌─→‖
+				 *              ├─→─┤ a-z A-Z 0-9 _ - or non-ASCII ├─→─┤
+				 *              │   └──────────────────────────────┘   │
+				 *              │   ┌──────────────────────────────┐   │
+				 *              ├─→─┤            escape            ├─→─┤
+				 *              │   └──────────────────────────────┘   │
+				 *              └──────────────────←───────────────────┘
+				 */
+				case WP_CSS_Token_Processor::TOKEN_HASH:
+					$normalized_css .= '#' . self::ident( $processor->get_token_value() );
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_DIMENSION:
+					$normalized_css .= $processor->get_token_value() . $processor->get_token_unit();
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_PERCENTAGE:
+					$normalized_css .= "%{$processor->get_token_value()}";
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_NUMBER:
+					$normalized_css .= $processor->get_token_value();
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_DELIM:
+					$normalized_css .= $processor->get_token_value();
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_IDENT:
+					$normalized_css .= self::ident( $processor->get_token_value() );
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_STRING:
+					var_dump( $processor->get_token_value() );
+					$normalized_css .= self::string( $processor->get_token_value() );
+					break;
+
+				// Keep or strip comments?
+				case WP_CSS_Token_Processor::TOKEN_COMMENT:
+					$normalized_css .= substr( $css, $processor->get_token_start(), $processor->get_token_length() );
+					break;
+
+				/**
+				 * A <bad-string-token> is an open string that reaches a newline.
+				 *
+				 * @see https://www.w3.org/TR/css-syntax-3/#consume-string-token
+				 *
+				 * @see https://www.w3.org/TR/css-syntax-3/#preserved-tokens
+				 * > Note: The tokens <}-token>s, <)-token>s, <]-token>, <bad-string-token>, and <bad-url-token> are always parse errors, but they are preserved in the token stream by this specification to allow other specs, such as Media Queries, to define more fine-grained error-handling than just dropping an entire declaration or block.
+				 */
+				case WP_CSS_Token_Processor::TOKEN_BAD_STRING:
+					$normalized_css .= substr( $css, $processor->get_token_start(), $processor->get_token_length() ) . "\n";
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_URL:
+				case WP_CSS_Token_Processor::TOKEN_BAD_URL:
+				case WP_CSS_Token_Processor::TOKEN_CDC:
+				case WP_CSS_Token_Processor::TOKEN_CDO:
+				default:
+					throw new Error( 'unhandled token type ' . $processor->get_token_type() . ' with value ' . var_export( $processor->get_token_value(), true ) );
+			}
+		}
+
+		return strtr(
+			$normalized_css,
+			array(
+				' ' => '␠',
+				"\t" => "␉\t",
+				"\n" => "␊\n",
+			)
+		);
+	}
+}
diff --git a/src/wp-includes/css-api/class-wp-css-processor.php b/src/wp-includes/css-api/class-wp-css-processor.php
new file mode 100644
index 0000000000000..b8ab2c0adb99e
--- /dev/null
+++ b/src/wp-includes/css-api/class-wp-css-processor.php
@@ -0,0 +1,645 @@
+<?php
+
+class WP_CSS_Processor {
+	/**
+	 * The original CSS input string.
+	 *
+	 * @var string
+	 */
+	private string $css;
+
+	/**
+	 * The underlying token processor.
+	 *
+	 * @var WP_CSS_Token_Processor
+	 */
+	private WP_CSS_Token_Processor $processor;
+
+	/**
+	 * Queued byte-range replacements, applied by get_updated_css().
+	 *
+	 * Each entry is an array with keys: 'start', 'length', 'text'.
+	 *
+	 * @var array[]
+	 */
+	private array $lexical_updates = array();
+
+	/**
+	 * Declarations to append, each with 'name' and 'value' keys.
+	 *
+	 * @var array[]
+	 */
+	private array $appended_declarations = array();
+
+	/**
+	 * Decoded property name of the current declaration, or null.
+	 *
+	 * @var string|null
+	 */
+	private ?string $current_name = null;
+
+	/**
+	 * Byte offset of the property name start.
+	 *
+	 * @var int|null
+	 */
+	private ?int $declaration_start = null;
+
+	/**
+	 * Byte offset after the trailing `;` or after the value end.
+	 *
+	 * @var int|null
+	 */
+	private ?int $declaration_end = null;
+
+	/**
+	 * Byte offset immediately after the colon token.
+	 *
+	 * @var int|null
+	 */
+	private ?int $after_colon = null;
+
+	/**
+	 * Byte offset of the first non-whitespace value token, or null for empty values.
+	 *
+	 * @var int|null
+	 */
+	private ?int $value_start = null;
+
+	/**
+	 * Byte offset after the last non-whitespace value token, or null for empty values.
+	 *
+	 * @var int|null
+	 */
+	private ?int $value_end = null;
+
+	/**
+	 * Pending mutation for the current declaration, or null.
+	 *
+	 * @var array|null
+	 */
+	private ?array $pending_mutation = null;
+
+	/**
+	 * Private constructor. Use create_declaration_list() or parse_a_rule().
+	 *
+	 * @param string                 $css       The CSS input.
+	 * @param WP_CSS_Token_Processor $processor The token processor.
+	 */
+	private function __construct( string $css, WP_CSS_Token_Processor $processor ) {
+		$this->css       = $css;
+		$this->processor = $processor;
+	}
+
+	/**
+	 * Creates a processor for iterating and mutating declarations.
+	 *
+	 * @param string $css The CSS declaration list (e.g. contents of a style block).
+	 * @return self|null The processor, or null on invalid encoding.
+	 */
+	public static function create_declaration_list( string $css ): ?self {
+		$processor = WP_CSS_Token_Processor::create( $css );
+		if ( null === $processor ) {
+			return null;
+		}
+		return new self( $css, $processor );
+	}
+
+	/**
+	 * Advances to the next declaration in the list.
+	 *
+	 * Implements "consume a list of declarations" from CSS Syntax Level 3,
+	 * stopping at each valid declaration. At-rules are consumed but skipped.
+	 * Invalid declarations trigger error recovery and are skipped.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-a-list-of-declarations
+	 *
+	 * @return bool True if a declaration was found, false at EOF.
+	 */
+	public function next_declaration(): bool {
+		$this->commit_pending_mutation();
+
+		// Reset declaration state.
+		$this->current_name      = null;
+		$this->declaration_start = null;
+		$this->declaration_end   = null;
+		$this->after_colon       = null;
+		$this->value_start       = null;
+		$this->value_end         = null;
+
+		while ( $this->processor->next_token() ) {
+			$type = $this->processor->get_token_type();
+
+			// Whitespace, comments, and semicolons: do nothing.
+			if (
+				WP_CSS_Token_Processor::TOKEN_WHITESPACE === $type ||
+				WP_CSS_Token_Processor::TOKEN_COMMENT === $type ||
+				WP_CSS_Token_Processor::TOKEN_SEMICOLON === $type
+			) {
+				continue;
+			}
+
+			// At-keyword: consume an at-rule, do not yield.
+			if ( WP_CSS_Token_Processor::TOKEN_AT_KEYWORD === $type ) {
+				self::consume_at_rule( $this->processor );
+				continue;
+			}
+
+			// Ident token: attempt to consume a declaration.
+			if ( WP_CSS_Token_Processor::TOKEN_IDENT === $type ) {
+				$name       = $this->processor->get_token_value();
+				$decl_start = $this->processor->get_token_start();
+
+				// Skip whitespace/comments to find the colon.
+				if ( ! self::next_non_whitespace_comment_token( $this->processor ) ) {
+					// EOF without colon.
+					return false;
+				}
+
+				if ( WP_CSS_Token_Processor::TOKEN_COLON !== $this->processor->get_token_type() ) {
+					// No colon: not a valid declaration.
+					if ( WP_CSS_Token_Processor::TOKEN_SEMICOLON !== $this->processor->get_token_type() ) {
+						self::consume_the_remnants_of_a_bad_declaration( $this->processor );
+					}
+					continue;
+				}
+
+				$colon_end = $this->processor->get_token_start() + $this->processor->get_token_length();
+
+				// Consume the value, tracking byte offsets.
+				$value_start    = null;
+				$value_end      = null;
+				$semicolon_end  = null;
+
+				while ( $this->processor->next_token() ) {
+					$vtype = $this->processor->get_token_type();
+
+					if ( WP_CSS_Token_Processor::TOKEN_SEMICOLON === $vtype ) {
+						$semicolon_end = $this->processor->get_token_start() + $this->processor->get_token_length();
+						break;
+					}
+
+					if (
+						WP_CSS_Token_Processor::TOKEN_WHITESPACE === $vtype ||
+						WP_CSS_Token_Processor::TOKEN_COMMENT === $vtype
+					) {
+						continue;
+					}
+
+					if ( null === $value_start ) {
+						$value_start = $this->processor->get_token_start();
+					}
+
+					self::consume_component_value( $this->processor );
+
+					$value_end = $this->processor->get_token_start() + $this->processor->get_token_length();
+				}
+
+				// Store declaration state.
+				$this->current_name      = $name;
+				$this->declaration_start = $decl_start;
+				$this->after_colon       = $colon_end;
+				$this->value_start       = $value_start;
+				$this->value_end         = $value_end;
+				$this->declaration_end   = $semicolon_end ?? $value_end ?? $colon_end;
+
+				return true;
+			}
+
+			// Anything else: parse error. Consume until ; or EOF.
+			self::consume_the_remnants_of_a_bad_declaration( $this->processor );
+		}
+
+		return false;
+	}
+
+	/**
+	 * Returns the property name of the current declaration.
+	 *
+	 * @return string|null The decoded property name, or null.
+	 */
+	public function get_name(): ?string {
+		return $this->current_name;
+	}
+
+	/**
+	 * Returns the component values string of the current declaration.
+	 *
+	 * Leading and trailing whitespace/comments are trimmed. Comments
+	 * between value tokens are preserved.
+	 *
+	 * @return string|null The value string, empty string for empty values, or null.
+	 */
+	public function get_value(): ?string {
+		if ( null === $this->current_name ) {
+			return null;
+		}
+		if ( null === $this->value_start ) {
+			return '';
+		}
+		return substr( $this->css, $this->value_start, $this->value_end - $this->value_start );
+	}
+
+	/**
+	 * Queues a replacement of the current declaration's value.
+	 *
+	 * The new value is validated for structural safety: bare semicolons,
+	 * unmatched closing braces, and unbalanced blocks are rejected.
+	 *
+	 * If both set_value() and remove() are called on the same declaration,
+	 * the last call wins.
+	 *
+	 * @param string $value The new CSS value text.
+	 * @return bool True if accepted, false on validation failure or no current declaration.
+	 */
+	public function set_value( string $value ): bool {
+		if ( null === $this->current_name ) {
+			return false;
+		}
+		if ( ! self::is_valid_declaration_value( $value ) ) {
+			return false;
+		}
+		$this->pending_mutation = array(
+			'type'  => 'set_value',
+			'value' => $value,
+		);
+		return true;
+	}
+
+	/**
+	 * Queues removal of the current declaration.
+	 *
+	 * The declaration bytes including the trailing semicolon (if present)
+	 * are removed. If both set_value() and remove() are called on the
+	 * same declaration, the last call wins.
+	 *
+	 * @return bool True if accepted, false when not on a declaration.
+	 */
+	public function remove(): bool {
+		if ( null === $this->current_name ) {
+			return false;
+		}
+		$this->pending_mutation = array( 'type' => 'remove' );
+		return true;
+	}
+
+	/**
+	 * Queues a new declaration to be appended after all existing content.
+	 *
+	 * Both the name and value are validated. The name must tokenize as a
+	 * single CSS ident. The value must be structurally safe.
+	 *
+	 * @param string $name  The property name.
+	 * @param string $value The CSS value text.
+	 * @return bool True if accepted, false on validation failure.
+	 */
+	public function append_declaration( string $name, string $value ): bool {
+		if ( ! self::is_valid_declaration_value( $value ) ) {
+			return false;
+		}
+
+		$name_processor = WP_CSS_Token_Processor::create( $name );
+		if ( null === $name_processor || ! $name_processor->next_token() ) {
+			return false;
+		}
+		if ( WP_CSS_Token_Processor::TOKEN_IDENT !== $name_processor->get_token_type() ) {
+			return false;
+		}
+		$decoded_name = $name_processor->get_token_value();
+		if ( $name_processor->next_token() ) {
+			return false;
+		}
+
+		$this->appended_declarations[] = array(
+			'name'  => WP_CSS_Builder::ident( $decoded_name ),
+			'value' => $value,
+		);
+		return true;
+	}
+
+	/**
+	 * Returns the CSS with all queued mutations applied.
+	 *
+	 * @return string The updated CSS string.
+	 */
+	public function get_updated_css(): string {
+		$this->commit_pending_mutation();
+
+		if ( ! empty( $this->lexical_updates ) ) {
+			usort(
+				$this->lexical_updates,
+				static function ( $a, $b ) {
+					return $a['start'] - $b['start'];
+				}
+			);
+
+			$output               = '';
+			$bytes_already_copied = 0;
+
+			foreach ( $this->lexical_updates as $update ) {
+				$output              .= substr( $this->css, $bytes_already_copied, $update['start'] - $bytes_already_copied );
+				$output              .= $update['text'];
+				$bytes_already_copied = $update['start'] + $update['length'];
+			}
+
+			$output .= substr( $this->css, $bytes_already_copied );
+		} else {
+			$output = $this->css;
+		}
+
+		foreach ( $this->appended_declarations as $decl ) {
+			if ( '' !== $output && ';' !== substr( $output, -1 ) ) {
+				$output .= ';';
+			}
+			$output .= ' ' . $decl['name'] . ': ' . $decl['value'];
+		}
+
+		return $output;
+	}
+
+	/**
+	 * Commits the pending mutation for the current declaration to the lexical updates list.
+	 */
+	private function commit_pending_mutation(): void {
+		if ( null === $this->pending_mutation ) {
+			return;
+		}
+
+		$mutation              = $this->pending_mutation;
+		$this->pending_mutation = null;
+
+		if ( 'remove' === $mutation['type'] ) {
+			$this->lexical_updates[] = array(
+				'start'  => $this->declaration_start,
+				'length' => $this->declaration_end - $this->declaration_start,
+				'text'   => '',
+			);
+			return;
+		}
+
+		if ( 'set_value' === $mutation['type'] ) {
+			if ( null !== $this->value_start ) {
+				$this->lexical_updates[] = array(
+					'start'  => $this->value_start,
+					'length' => $this->value_end - $this->value_start,
+					'text'   => $mutation['value'],
+				);
+			} else {
+				// Empty value: insert after the colon.
+				$this->lexical_updates[] = array(
+					'start'  => $this->after_colon,
+					'length' => 0,
+					'text'   => ' ' . $mutation['value'],
+				);
+			}
+		}
+	}
+
+	/**
+	 * Validates that a string is structurally safe as a declaration value.
+	 *
+	 * Rejects values containing bare semicolons, unmatched closing braces,
+	 * or unbalanced blocks that could break out of the declaration or
+	 * enclosing rule context.
+	 *
+	 * @param string $css The candidate value text.
+	 * @return bool Whether the value is structurally safe.
+	 */
+	private static function is_valid_declaration_value( string $css ): bool {
+		$processor = WP_CSS_Token_Processor::create( $css );
+		if ( null === $processor ) {
+			return false;
+		}
+
+		$depth = 0;
+
+		while ( $processor->next_token() ) {
+			$type = $processor->get_token_type();
+
+			if (
+				WP_CSS_Token_Processor::TOKEN_LEFT_PAREN === $type ||
+				WP_CSS_Token_Processor::TOKEN_LEFT_BRACKET === $type ||
+				WP_CSS_Token_Processor::TOKEN_LEFT_BRACE === $type ||
+				WP_CSS_Token_Processor::TOKEN_FUNCTION === $type
+			) {
+				++$depth;
+				continue;
+			}
+
+			if (
+				WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN === $type ||
+				WP_CSS_Token_Processor::TOKEN_RIGHT_BRACKET === $type
+			) {
+				--$depth;
+				continue;
+			}
+
+			if ( WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE === $type ) {
+				if ( $depth <= 0 ) {
+					// Unmatched } would escape an enclosing block.
+					return false;
+				}
+				--$depth;
+				continue;
+			}
+
+			if ( 0 === $depth && WP_CSS_Token_Processor::TOKEN_SEMICOLON === $type ) {
+				// Bare semicolon would split the declaration.
+				return false;
+			}
+		}
+
+		return 0 === $depth;
+	}
+
+	/**
+	 * Implements "parse a rule" from CSS Syntax Level 3.
+	 *
+	 * Returns true if the input contains exactly one CSS rule
+	 * (at-rule or qualified rule), false for syntax errors.
+	 *
+	 * > 5.3.5. Parse a rule
+	 * > To parse a rule from input:
+	 * > 1. Normalize input, and set input to the result.
+	 * > 2. While the next input token from input is a <whitespace-token>, consume the next input token from input.
+	 * > 3. If the next input token from input is an <EOF-token>, return a syntax error.
+	 * >    Otherwise, if the next input token from input is an <at-keyword-token>, consume an at-rule from input, and let rule be the return value.
+	 * >    Otherwise, consume a qualified rule from input and let rule be the return value. If nothing was returned, return a syntax error.
+	 * > 4. While the next input token from input is a <whitespace-token>, consume the next input token from input.
+	 * > 5. If the next input token from input is an <EOF-token>, return rule. Otherwise, return a syntax error.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#parse-a-rule
+	 *
+	 * @param string $css The CSS input.
+	 * @return bool Whether the input is a single valid CSS rule.
+	 */
+	public static function parse_a_rule( string $css ): bool {
+		$processor = WP_CSS_Token_Processor::create( $css );
+		if ( null === $processor ) {
+			return false;
+		}
+
+		// Step 2: Discard whitespace and comments.
+		if ( ! self::next_non_whitespace_comment_token( $processor ) ) {
+			// Step 3: EOF → syntax error.
+			return false;
+		}
+
+		if ( WP_CSS_Token_Processor::TOKEN_AT_KEYWORD === $processor->get_token_type() ) {
+			// Step 4: Consume an at-rule.
+			self::consume_at_rule( $processor );
+		} else {
+			// Step 5: Consume a qualified rule.
+			if ( ! self::consume_qualified_rule( $processor ) ) {
+				return false;
+			}
+		}
+
+		// Steps 6–7: Discard whitespace/comments, then expect EOF.
+		if ( self::next_non_whitespace_comment_token( $processor ) ) {
+			// Non-EOF after the rule → syntax error.
+			return false;
+		}
+
+		return true;
+	}
+
+	/**
+	 * Advances past whitespace and comment tokens.
+	 *
+	 * Returns true if a non-whitespace/non-comment token was found,
+	 * false if EOF was reached.
+	 */
+	private static function next_non_whitespace_comment_token( WP_CSS_Token_Processor $processor ): bool {
+		while ( $processor->next_token() ) {
+			$type = $processor->get_token_type();
+			if (
+				WP_CSS_Token_Processor::TOKEN_WHITESPACE !== $type &&
+				WP_CSS_Token_Processor::TOKEN_COMMENT !== $type
+			) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * Consumes an at-rule from the token stream.
+	 *
+	 * The processor must be positioned on an at-keyword token.
+	 * Per spec, at-rules are always returned even on EOF (parse error noted).
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-an-at-rule
+	 */
+	private static function consume_at_rule( WP_CSS_Token_Processor $processor ): void {
+		while ( $processor->next_token() ) {
+			$type = $processor->get_token_type();
+
+			if ( WP_CSS_Token_Processor::TOKEN_SEMICOLON === $type ) {
+				return;
+			}
+
+			if ( WP_CSS_Token_Processor::TOKEN_LEFT_BRACE === $type ) {
+				self::consume_simple_block( $processor, WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE );
+				return;
+			}
+
+			// Consume component values so that `;` and `{` inside
+			// paired tokens ((), [], functions) are not misidentified.
+			self::consume_component_value( $processor );
+		}
+		// EOF: at-rule is still returned per spec.
+	}
+
+	/**
+	 * Consumes a qualified rule from the token stream.
+	 *
+	 * The processor must be positioned on the first prelude token.
+	 * Returns true if a qualified rule was found (a block was consumed),
+	 * false if EOF was reached without finding a block.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-a-qualified-rule
+	 */
+	private static function consume_qualified_rule( WP_CSS_Token_Processor $processor ): bool {
+		/*
+		 * The processor is already positioned on the first token.
+		 * Loop starting from the current token, then continue with next_token().
+		 */
+		do {
+			if ( WP_CSS_Token_Processor::TOKEN_LEFT_BRACE === $processor->get_token_type() ) {
+				self::consume_simple_block( $processor, WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE );
+				return true;
+			}
+
+			// Consume component values so that `{` inside
+			// paired tokens ((), [], functions) is not misidentified.
+			self::consume_component_value( $processor );
+		} while ( $processor->next_token() );
+
+		// EOF without finding a block → return nothing (syntax error).
+		return false;
+	}
+
+	/**
+	 * Consumes a component value from the token stream.
+	 *
+	 * The processor must be positioned on the current token. If the token
+	 * opens a paired block — `(`, `[`, or a function token — the entire
+	 * block is consumed up to the matching close token or EOF.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-a-component-value
+	 */
+	private static function consume_component_value( WP_CSS_Token_Processor $processor ): void {
+		$type = $processor->get_token_type();
+
+		if ( WP_CSS_Token_Processor::TOKEN_LEFT_PAREN === $type || WP_CSS_Token_Processor::TOKEN_FUNCTION === $type ) {
+			self::consume_simple_block( $processor, WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN );
+		} elseif ( WP_CSS_Token_Processor::TOKEN_LEFT_BRACKET === $type ) {
+			self::consume_simple_block( $processor, WP_CSS_Token_Processor::TOKEN_RIGHT_BRACKET );
+		} elseif ( WP_CSS_Token_Processor::TOKEN_LEFT_BRACE === $type ) {
+			self::consume_simple_block( $processor, WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE );
+		}
+	}
+
+	/**
+	 * Consumes the remnants of a bad declaration from the token stream.
+	 *
+	 * The processor must be positioned on the current token.
+	 * Consumes it as a component value, then advances consuming
+	 * component values until a semicolon or EOF is reached.
+	 *
+	 * @param WP_CSS_Token_Processor $processor The token processor.
+	 */
+	private static function consume_the_remnants_of_a_bad_declaration( WP_CSS_Token_Processor $processor ): void {
+		self::consume_component_value( $processor );
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_SEMICOLON === $processor->get_token_type() ) {
+				return;
+			}
+			self::consume_component_value( $processor );
+		}
+	}
+
+	/**
+	 * Consumes a simple block from the token stream.
+	 *
+	 * The processor must be positioned on the opening token.
+	 * Consumes tokens until the matching ending token or EOF.
+	 * Nested component values (paired tokens) are consumed recursively.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-a-simple-block
+	 *
+	 * @param WP_CSS_Token_Processor $processor    The token processor.
+	 * @param string                 $ending_token The token type that closes this block.
+	 */
+	private static function consume_simple_block( WP_CSS_Token_Processor $processor, string $ending_token ): void {
+		while ( $processor->next_token() ) {
+			if ( $ending_token === $processor->get_token_type() ) {
+				return;
+			}
+
+			self::consume_component_value( $processor );
+		}
+		// EOF: block is still returned per spec.
+	}
+}
diff --git a/src/wp-includes/css-api/class-wp-css-token-processor.php b/src/wp-includes/css-api/class-wp-css-token-processor.php
new file mode 100644
index 0000000000000..1599a8a584882
--- /dev/null
+++ b/src/wp-includes/css-api/class-wp-css-token-processor.php
@@ -0,0 +1,1785 @@
+<?php
+
+/**
+ * Tokenizes CSS according to the CSS Syntax Level 3 specification.
+ *
+ * This class follows the algorithm in https://www.w3.org/TR/css-syntax-3/ and
+ * exposes a pull-based API so callers can stream over large stylesheets without
+ * allocating every token up front. Each call to next_token() advances the cursor
+ * and fills in metadata (type, value, raw slice, byte offsets) that you can read
+ * through the getter methods.
+ *
+ * ## Design choices
+ *
+ * ### On-the-fly normalization
+ *
+ * The CSS Spec requires the following normalization step:
+ *
+ * > Replace any U+000D CARRIAGE RETURN (CR) code points, U+000C FORM FEED (FF)
+ * > code points, or pairs of U+000D CARRIAGE RETURN (CR) followed by U+000A LINE
+ * > FEED (LF) in input by a single U+000A LINE FEED (LF) code point.
+ * > Replace any U+0000 NULL or surrogate code points in input with U+FFFD REPLACEMENT
+ * > CHARACTER (�).
+ *
+ * This processor delays normalization as much as possible. That keeps the raw byte
+ * positions intact for accurate rewrites while still letting consumers ask for a
+ * normalized token when they need one.
+ *
+ * ### No EOF token
+ *
+ * The EOF token is a CSS parsing concept, not CSS tokenization concept. Therefore,
+ * this processor does not produce it.
+ *
+ * ### UTF-8 handling
+ *
+ * Only UTF-8 strings are supported. Invalid sequences are replaced with U+FFFD (�)
+ * using the maximal subpart approach described in
+ * https://www.unicode.org/versions/Unicode9.0.0/ch03.pdf, section 3.9 Best Practices
+ * for Using U+FFFD.
+ *
+ * ## Usage
+ *
+ * Basic iteration:
+ *
+ *     $css = 'width: 10px;';
+ *     $processor = WP_CSS_Token_Processor::create( $css );
+ *     while ( $processor->next_token() ) {
+ *         echo $processor->get_normalized_token();
+ *     }
+ *     // Outputs:
+ *     // width: 10px;
+ *
+ * Rewriting a URL while keeping the rest of the stylesheet intact:
+ *
+ *     $css = 'background: url(old.jpg) center / cover;';
+ *     $processor = WP_CSS_Token_Processor::create( $css );
+ *     while ( $processor->next_token() ) {
+ *         if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+ *             $processor->set_value( 'uploads/new.jpg' );
+ *         }
+ *     }
+ *     $result = $processor->get_updated_css();
+ *     // background: url(uploads/new.jpg) center / cover;
+ *
+ * Gathering diagnostics with byte offsets:
+ *
+ *     $css = "color: red;\ncolor: re\nd;";
+ *     $processor = WP_CSS_Token_Processor::create( $css );
+ *     $bad_strings = array();
+ *     while ( $processor->next_token() ) {
+ *         if ( WP_CSS_Token_Processor::TOKEN_BAD_STRING === $processor->get_token_type() ) {
+ *             $bad_strings[] = array(
+ *                 'start'  => $processor->get_token_start(),
+ *                 'length' => $processor->get_token_length(),
+ *                 'value'  => $processor->get_unnormalized_token(),
+ *             );
+ *         }
+ *     }
+ *
+ * @see https://www.w3.org/TR/css-syntax-3/#tokenization
+ */
+class WP_CSS_Token_Processor {
+	/**
+	 * Token type constants matching the CSS Syntax Level 3 specification.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#tokenization
+	 */
+	public const TOKEN_WHITESPACE = 'whitespace-token';
+	public const TOKEN_COMMENT    = 'comment';
+	public const TOKEN_STRING     = 'string-token';
+
+	/**
+	 * BAD-STRING tokens occur when a string contains an unescaped newline.
+	 *
+	 * Valid strings: "hello", 'world', "line1\Aline2" (escaped newline)
+	 * Invalid (produces bad-string): "hello
+	 *                                 world"  (literal newline breaks the string)
+	 *
+	 * The processor stops at the newline and produces a bad-string token for error recovery.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#typedef-bad-string-token
+	 */
+	public const TOKEN_BAD_STRING    = 'bad-string-token';
+	public const TOKEN_HASH          = 'hash-token';
+	public const TOKEN_DELIM         = 'delim-token';
+	public const TOKEN_NUMBER        = 'number-token';
+	public const TOKEN_PERCENTAGE    = 'percentage-token';
+	public const TOKEN_DIMENSION     = 'dimension-token';
+	public const TOKEN_AT_KEYWORD    = 'at-keyword-token';
+	public const TOKEN_COLON         = 'colon-token';
+	public const TOKEN_SEMICOLON     = 'semicolon-token';
+	public const TOKEN_COMMA         = 'comma-token';
+	public const TOKEN_LEFT_PAREN    = '(-token';
+	public const TOKEN_RIGHT_PAREN   = ')-token';
+	public const TOKEN_LEFT_BRACKET  = '[-token';
+	public const TOKEN_RIGHT_BRACKET = ']-token';
+	public const TOKEN_LEFT_BRACE    = '{-token';
+	public const TOKEN_RIGHT_BRACE   = '}-token';
+	public const TOKEN_FUNCTION      = 'function-token';
+
+	/**
+	 * URL tokens represent unquoted URLs in url() notation.
+	 *
+	 * For example, `url(image.jpg)` is a URL token.
+	 *
+	 * Quoted URLs like `url( "https://example.com" )` are handled as a function
+	 * token, _not_ a URL token.
+	 *
+	 * Bad URL tokens are created when invalid characters are encountered in
+	 * a URL token.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#typedef-url-token
+	 */
+	public const TOKEN_URL = 'url-token';
+
+	/**
+	 * BAD-URL tokens occur when a URL contains invalid characters.
+	 *
+	 * Invalid characters: quotes ("), apostrophes ('), parentheses (()
+	 * Example invalid: url(image(.jpg) or url(image".jpg)
+	 *
+	 * When detected, the processor consumes everything up to ) or EOF.
+	 * This prevents the bad URL from breaking subsequent tokens.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#typedef-bad-url-token
+	 */
+	public const TOKEN_BAD_URL = 'bad-url-token';
+
+	/**
+	 * Identifier tokens, such as `color`, `margin-top`, `red`,
+	 * `inherit`, `--my-var`, `\x-escaped`, `über` (Unicode), etc.
+	 *
+	 * There are restrictions on the codepoints that start or are contained in
+	 * an identifier, and identifiers may contain escape sequences.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#typedef-ident-token
+	 */
+	public const TOKEN_IDENT = 'ident-token';
+
+	/**
+	 * CDC (Comment Delimiter Close) token: -->
+	 *
+	 * Legacy token from when CSS was embedded in HTML <style> tags
+	 * and needed to be hidden from old browsers using HTML comments:
+	 *
+	 *   <style>
+	 *   <!--
+	 *   body { color: red; }
+	 *   -->
+	 *   </style>
+	 *
+	 * Modern CSS no longer needs these, but they're preserved for compatibility.
+	 * In stylesheets, they're typically treated like whitespace.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#typedef-CDC-token
+	 */
+	public const TOKEN_CDC = 'CDC-token';
+
+	/**
+	 * CDO (Comment Delimiter Open) token: <!--
+	 *
+	 * Legacy token from when CSS was embedded in HTML <style> tags.
+	 * See TOKEN_CDC for full explanation of HTML comment compatibility.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#typedef-CDO-token
+	 */
+	public const TOKEN_CDO = 'CDO-token';
+
+	/**
+	 * @var string
+	 */
+	private $css;
+
+	/**
+	 * @var int
+	 */
+	private $length = 0;
+
+	/**
+	 * @var int
+	 */
+	private $at = 0;
+
+	/**
+	 * The type of the current token. One of the self::TOKEN_* constants.
+	 *
+	 * @var string|null
+	 * @phpstan-var self::TOKEN_*|null
+	 */
+	private $token_type = null;
+
+	/**
+	 * The byte offset at which the current token starts.
+	 *
+	 * Example:
+	 *
+	 * background-image: url(https://example.com/image.jpg);
+	 *                   ^ token_starts_at
+	 *
+	 * @var int|null
+	 */
+	private $token_starts_at = null;
+
+	/**
+	 * The byte length of the current token.
+	 *
+	 * Example:
+	 *
+	 * background-image: url(https://example.com/image.jpg);
+	 *                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+	 *                             token_length
+	 *
+	 * @var int|null
+	 */
+	private $token_length = null;
+
+	/**
+	 * The byte offset at which the value of the current token starts.
+	 *
+	 * It is used for STRING and URL tokens. For example:
+	 *
+	 * background-image: url(https://example.com/image.jpg);
+	 *                       ^ token_value_starts_at
+	 *
+	 * @var int|null
+	 */
+	private $token_value_starts_at = null;
+
+	/**
+	 * The byte offset at which the value of the current token starts.
+	 *
+	 * It is relevant for STRING and URL tokens. For example:
+	 *
+	 * background-image: url(https://example.com/image.jpg);
+	 *                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+	 *                             token_value_length
+	 *
+	 * @var int|null
+	 */
+	private $token_value_length = null;
+
+	/**
+	 * The string value of the current token.
+	 *
+	 * For numbers, this is a float.
+	 * For identifiers/functions/strings/URLs with escapes, this is a decoded string.
+	 * Otherwise, it's null and the value is computed from token indices.
+	 *
+	 * @var string|float|null
+	 */
+	private $token_value = null;
+
+	/**
+	 * The unit of the current token, e.g. "px", "em", "deg", etc.
+	 *
+	 * @var string|null
+	 */
+	private $token_unit = null;
+
+	/**
+	 * Lexical replacements to apply to input CSS document.
+	 *
+	 * Tracks modifications to be applied to the CSS, such as changing URL values.
+	 * Each entry is an associative array with 'start', 'length', and 'text' keys.
+	 *
+	 * @var array[]
+	 */
+	private $lexical_updates = array();
+
+	/**
+	 * Constructor for the CSS processor.
+	 *
+	 * Do not instantiate directly. Use WP_CSS_Token_Processor::create() instead.
+	 *
+	 * @param string $css         CSS source to tokenize.
+	 */
+	private function __construct( string $css ) {
+		$this->css    = $css;
+		$this->length = strlen( $css );
+	}
+
+	/**
+	 * Creates a CSS processor for the given CSS string.
+	 *
+	 * Use this method to create a CSS processor instance.
+	 *
+	 * ## Current Support
+	 *
+	 * - The only supported document encoding is `UTF-8`, which is the default value.
+	 *
+	 * @param string $css      CSS source to tokenize.
+	 * @param string $encoding Text encoding of the document; must be default of 'UTF-8'.
+	 * @return static|null The created processor if successful, otherwise null.
+	 */
+	public static function create( string $css, string $encoding = 'UTF-8' ) {
+		if ( 'UTF-8' !== $encoding ) {
+			return null;
+		}
+
+		return new static( $css );
+	}
+
+	/**
+	 * Moves to the next token in the CSS stream.
+	 *
+	 * Implements the main tokenization loop, consuming the next token from the input stream.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-token
+	 *
+	 * @return bool Whether a token was found.
+	 */
+	public function next_token(): bool {
+		$this->after_token();
+
+		// Bale out once we reach the end.
+		if ( $this->at >= $this->length ) {
+			return false;
+		}
+
+		/*
+		 * CSS comments. They are not preserved as tokens in the specification, but we
+		 * still track them.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#consume-comment
+		 */
+		if (
+			$this->at + 1 < $this->length &&
+			'/' === $this->css[ $this->at ] &&
+			'*' === $this->css[ $this->at + 1 ]
+		) {
+			$this->token_type            = self::TOKEN_COMMENT;
+			$this->token_starts_at       = $this->at;
+			$this->token_value_starts_at = $this->at;
+
+			$end                      = strpos( $this->css, '*/', $this->at + 2 );
+			$this->at                 = false !== $end ? $end + 2 : $this->length;
+			$this->token_length       = $this->at - $this->token_starts_at;
+			$this->token_value_length = $this->token_length - 4;
+			return true;
+		}
+
+		/*
+		 * Whitespace tokens.
+		 *
+		 * We consider U+000A LINE FEED, U+0009 CHARACTER TABULATION, and U+0020 SPACE bytes covered by the spec.
+		 * In addition, we also capture U+000D CARRIAGE RETURN and U+000C FORM FEED that are normally converted to
+		 * U+000A LINE FEED during the preprocessing phase.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#newline
+		 * @see https://www.w3.org/TR/css-syntax-3/#whitespace
+		 */
+		$whitespace_length = strspn( $this->css, "\t\n\f\r ", $this->at );
+		if ( $whitespace_length > 0 ) {
+			$this->token_type      = self::TOKEN_WHITESPACE;
+			$this->token_length    = $whitespace_length;
+			$this->token_starts_at = $this->at;
+			$this->at             += $whitespace_length;
+			return true;
+		}
+
+		/*
+		 * String tokens with either " or ' as delimiters.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#consume-string-token
+		 */
+		if ( '"' === $this->css[ $this->at ] || "'" === $this->css[ $this->at ] ) {
+			return $this->consume_string();
+		}
+
+		$char                  = $this->css[ $this->at ];
+		$this->token_starts_at = $this->at;
+
+		/*
+		 * U+0023 NUMBER SIGN (#)
+		 *
+		 * A hash token is created when # is followed by an ident code point or valid escape.
+		 * This is commonly used for hex colors (#fff) or ID selectors (#header).
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#consume-token
+		 */
+		if ( '#' === $char ) {
+			if ( $this->at + 1 < $this->length ) {
+				if (
+					$this->consume_ident_codepoint( $this->at + 1 ) > 0 ||
+					// The next two input code points are a valid escape.
+					$this->is_valid_escape( $this->at + 1 )
+				) {
+					// Create a <hash-token>.
+					++$this->at;
+
+					// We skip this check as we don't track the type flag:
+					// > If the next 3 input code points would start an ident sequence,
+					// > set the <hash-token>'s type flag to "id".
+
+					// Consume an ident sequence, and set the <hash-token>'s value to the returned string.
+					$this->consume_ident_sequence();
+					$this->token_type   = self::TOKEN_HASH;
+					$this->token_length = $this->at - $this->token_starts_at;
+					return true;
+				}
+			}
+			// Otherwise, return a <delim-token> with its value set to the current input code point.
+			++$this->at;
+			$this->token_type   = self::TOKEN_DELIM;
+			$this->token_length = 1;
+			return true;
+		}
+
+		/*
+		 * Simple single-byte tokens
+		 *
+		 * These characters form their own tokens when encountered.
+		 * Note: ( tokens here are not function tokens - those are handled
+		 * in consume_ident_like() when ( follows an identifier.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#tokenization
+		 */
+		$simple = array(
+			'(' => self::TOKEN_LEFT_PAREN,
+			')' => self::TOKEN_RIGHT_PAREN,
+			',' => self::TOKEN_COMMA,
+			':' => self::TOKEN_COLON,
+			';' => self::TOKEN_SEMICOLON,
+			'[' => self::TOKEN_LEFT_BRACKET,
+			']' => self::TOKEN_RIGHT_BRACKET,
+			'{' => self::TOKEN_LEFT_BRACE,
+			'}' => self::TOKEN_RIGHT_BRACE,
+		);
+		if ( isset( $simple[ $char ] ) ) {
+			++$this->at;
+			$this->token_type   = $simple[ $char ];
+			$this->token_length = 1;
+			return true;
+		}
+
+		/*
+		 * U+0040 COMMERCIAL AT (@)
+		 *
+		 * An at-keyword is @ followed by an identifier, used for at-rules like
+		 * @media, @import, @keyframes, etc.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#consume-token
+		 */
+		if ( '@' === $char ) {
+			++$this->at;
+			// If the next 3 input code points after the @ would start an ident sequence,
+			// consume an ident sequence, create an <at-keyword-token> with its value set to the returned value,
+			// and return it.
+			if ( $this->check_if_3_code_points_start_an_ident_sequence( $this->at ) ) {
+				$this->consume_ident_sequence();
+				$this->token_type   = self::TOKEN_AT_KEYWORD;
+				$this->token_length = $this->at - $this->token_starts_at;
+				return true;
+			} else {
+				// Otherwise, return a <delim-token> with its value set to the current input code point.
+				$this->token_type   = self::TOKEN_DELIM;
+				$this->token_length = 1;
+				return true;
+			}
+		}
+
+		/*
+		 * Numbers start with digits, the plus sign, minus sign, and decimal point.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#starts-with-a-number
+		 */
+		if ( $this->would_next_3_code_points_start_a_number() ) {
+			return $this->consume_numeric();
+		}
+
+		/*
+		 * U+002D HYPHEN-MINUS (-)
+		 */
+		if ( '-' === $char ) {
+			// This case is covered above:
+			// > If the input stream starts with a number.
+
+			/*
+			 * If followed by another hyphen and >, this is a CDC token (-->)
+			 *
+			 * Comment Delimiter Close - legacy HTML comment syntax in CSS.
+			 *
+			 * @see https://www.w3.org/TR/css-syntax-3/#CDC-token-diagram
+			 */
+			if (
+				$this->at + 2 < $this->length &&
+				'-' === $this->css[ $this->at + 1 ] &&
+				'>' === $this->css[ $this->at + 2 ]
+			) {
+				// Consume them and return a <CDC-token>.
+				$this->at          += 3;
+				$this->token_type   = self::TOKEN_CDC;
+				$this->token_length = 3;
+				return true;
+			}
+
+			// Otherwise, if the input stream starts with an ident sequence,
+			// reconsume the current input code point, consume an ident-like
+			// token, and return it.
+			if ( $this->check_if_3_code_points_start_an_ident_sequence( $this->at ) ) {
+				return $this->consume_ident_like();
+			}
+
+			// Otherwise, return a <delim-token> with its value set to the current input code point.
+			++$this->at;
+			$this->token_type   = self::TOKEN_DELIM;
+			$this->token_length = 1;
+			return true;
+		}
+
+		/*
+		 * U+003C LESS-THAN SIGN (<)
+		 * If followed by !--, this is a CDO token (<!--)
+		 *
+		 * Comment Delimiter Open - legacy HTML comment syntax in CSS.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#CDO-token-diagram
+		 */
+		if ( '<' === $char && $this->at + 3 < $this->length &&
+			'!' === $this->css[ $this->at + 1 ] &&
+			'-' === $this->css[ $this->at + 2 ] &&
+			'-' === $this->css[ $this->at + 3 ] ) {
+			// Consume them and return a <CDO-token>.
+			$this->at          += 4;
+			$this->token_type   = self::TOKEN_CDO;
+			$this->token_length = 4;
+			return true;
+		}
+
+		/*
+		 * Ident-start code point
+		 *
+		 * If the input stream starts with an ident sequence, reconsume the current
+		 * input code point, consume an ident-like token, and return it.
+		 *
+		 * Could be an identifier, function, or url() token.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#consume-ident-like-token
+		 */
+		if ( $this->check_if_3_code_points_start_an_ident_sequence( $this->at ) ) {
+			return $this->consume_ident_like();
+		}
+
+		/*
+		 * Delim token (delimiter)
+		 *
+		 * Any code point that doesn't match above rules becomes a delim token.
+		 * Handle multi-byte UTF-8 characters properly.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#delim-token-diagram
+		 */
+		if ( ord( $char ) >= 0x80 ) {
+			$new_at         = $this->at;
+			$invalid_length = 0;
+			if ( 1 !== _wp_scan_utf8( $this->css, $new_at, $invalid_length, null, 1 ) ) {
+				/**
+				 * Trouble ahead!
+				 * Bytes at $at are not a valid UTF-8 sequence.
+				 *
+				 * We'll move forward by $invalid_length bytes and continue processing.
+				 * Later on, during the string decoding, we'll replace the invalid bytes with U+FFFD
+				 * via maximal subpart”replacement.
+				 */
+				$matched_bytes = $invalid_length;
+			} else {
+				$matched_bytes = $new_at - $this->at;
+			}
+
+			$this->at          += $matched_bytes;
+			$this->token_type   = self::TOKEN_DELIM;
+			$this->token_length = $matched_bytes;
+			return true;
+		}
+
+		// Single ASCII delim.
+		++$this->at;
+		$this->token_type   = self::TOKEN_DELIM;
+		$this->token_length = 1;
+		return true;
+	}
+
+	/**
+	 * Gets the current token type.
+	 *
+	 * @return string|null
+	 * @phpstan-return self::TOKEN_*|null
+	 */
+	public function get_token_type(): ?string {
+		return $this->token_type;
+	}
+
+	/**
+	 * Gets the normalized token text from the CSS source.
+	 *
+	 * Returns the token with CSS normalization and escape decoding applied:
+	 * - CSS escapes decoded (e.g., \6c → l, \2f → /, \A → newline)
+	 * - \r\n, \r, \f → \n
+	 * - \x00 → U+FFFD (�)
+	 *
+	 * This is different from get_token_value() which returns the semantic value
+	 * (e.g., for strings: content without quotes; for numbers: numeric value).
+	 *
+	 * @return string|null
+	 */
+	public function get_normalized_token(): ?string {
+		if ( null === $this->token_starts_at || null === $this->token_length ) {
+			return null;
+		}
+
+		return $this->decode_string_or_url(
+			$this->token_starts_at,
+			$this->token_length
+		);
+	}
+
+	/**
+	 * Gets the raw, unnormalized token text from the CSS source.
+	 *
+	 * Returns the exact bytes from the source without any normalization.
+	 * This preserves original line endings (\r\n, \r, \f) and null bytes.
+	 *
+	 * @return string|null
+	 */
+	public function get_unnormalized_token(): ?string {
+		if ( null === $this->token_starts_at || null === $this->token_length ) {
+			return null;
+		}
+		return substr( $this->css, $this->token_starts_at, $this->token_length );
+	}
+
+	/**
+	 * Gets the current token value as a normalized and decoded string. This is
+	 * a slight divergence from the CSS Syntax Level 3 spec, where all the numberic
+	 * values are parsed as numbers. This processor is only concerned with their
+	 * textual representation.
+	 *
+	 * Returns the semantic value of the token per CSS Syntax Level 3 spec:
+	 *
+	 * - For delimiters: the single code point
+	 * - For numbers/percentages: the string representation of the number
+	 * - For dimensions: the string representation of the number (use get_token_unit() for the unit)
+	 * - For identifiers/functions/hash/at-keywords: the decoded identifier string
+	 * - For strings/URLs: the decoded string value
+	 * - For other tokens: null
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#token-value
+	 * @return string|null
+	 */
+	public function get_token_value() {
+		if ( null === $this->token_value ) {
+			if ( null === $this->token_starts_at || null === $this->token_length ) {
+				return null;
+			}
+
+			switch ( $this->token_type ) {
+				case self::TOKEN_HASH:
+					// Hash value starts after the # character.
+					$this->token_value = $this->decode_string_or_url( $this->token_starts_at + 1, $this->token_length - 1 );
+					break;
+
+				case self::TOKEN_AT_KEYWORD:
+					// At-keyword value starts after the @ character.
+					$this->token_value = $this->decode_string_or_url( $this->token_starts_at + 1, $this->token_length - 1 );
+					break;
+
+				case self::TOKEN_FUNCTION:
+					// Function name is everything except the final (.
+					$this->token_value = $this->decode_string_or_url( $this->token_starts_at, $this->token_length - 1 );
+					break;
+
+				case self::TOKEN_IDENT:
+					// Identifier is the entire token.
+					$this->token_value = $this->decode_string_or_url( $this->token_starts_at, $this->token_length );
+					break;
+
+				case self::TOKEN_STRING:
+				case self::TOKEN_BAD_STRING:
+				case self::TOKEN_URL:
+					// Decode and cache the string/URL value.
+					if ( null !== $this->token_value_starts_at && null !== $this->token_value_length ) {
+						$this->token_value = $this->decode_string_or_url(
+							$this->token_value_starts_at,
+							$this->token_value_length
+						);
+						$this->token_value = $this->token_value;
+					} else {
+						$this->token_value = null;
+					}
+					break;
+
+				case self::TOKEN_DELIM:
+					// Delim value is the single code point.
+					$this->token_value = $this->decode_string_or_url( $this->token_starts_at, $this->token_length );
+					break;
+
+				case self::TOKEN_NUMBER:
+					// Return the string representation of the number (not parsed to float).
+					$this->token_value = substr( $this->css, $this->token_starts_at, $this->token_length );
+					break;
+
+				case self::TOKEN_PERCENTAGE:
+					// Return the string representation of the number (without the %).
+					$this->token_value = substr( $this->css, $this->token_starts_at, $this->token_length - 1 );
+					break;
+
+				case self::TOKEN_DIMENSION:
+					// Return the string representation of the number (without the unit).
+					$this->token_value = substr( $this->get_normalized_token(), 0, -strlen( $this->token_unit ) );
+					break;
+
+				default:
+					$this->token_value = null;
+					break;
+			}
+		}
+
+		return $this->token_value;
+	}
+
+	/**
+	 * Determines whether the current token is a data URI.
+	 *
+	 * Only meaningful for URL and STRING tokens. Returns false for all other token types.
+	 *
+	 * @return bool Whether the current token value starts with "data:" (case-insensitive).
+	 */
+	public function is_data_uri(): bool {
+		if ( null === $this->token_value_starts_at || null === $this->token_value_length ) {
+			return false;
+		}
+
+		if ( $this->token_value_length < 5 ) {
+			return false;
+		}
+
+		$offset = $this->token_value_starts_at;
+		return (
+			( 'd' === $this->css[ $offset ] || 'D' === $this->css[ $offset ] ) &&
+			( 'a' === $this->css[ $offset + 1 ] || 'A' === $this->css[ $offset + 1 ] ) &&
+			( 't' === $this->css[ $offset + 2 ] || 'T' === $this->css[ $offset + 2 ] ) &&
+			( 'a' === $this->css[ $offset + 3 ] || 'A' === $this->css[ $offset + 3 ] ) &&
+			':' === $this->css[ $offset + 4 ]
+		);
+	}
+
+	/**
+	 * Gets the token start at.
+	 *
+	 * @return int|null
+	 */
+	public function get_token_start(): ?int {
+		return $this->token_starts_at;
+	}
+
+	/**
+	 * Gets the token length.
+	 *
+	 * @return int|null
+	 */
+	public function get_token_length(): ?int {
+		return $this->token_length;
+	}
+
+	/**
+	 * Gets the unit for dimension tokens.
+	 *
+	 * @return string|null
+	 */
+	public function get_token_unit(): ?string {
+		return $this->token_unit;
+	}
+
+	/**
+	 * Gets the byte at where the token value starts (for STRING and URL tokens).
+	 *
+	 * @return int|null
+	 */
+	public function get_token_value_start(): ?int {
+		return $this->token_value_starts_at;
+	}
+
+	/**
+	 * Gets the byte length of the token value (for STRING and URL tokens).
+	 *
+	 * @return int|null
+	 */
+	public function get_token_value_length(): ?int {
+		return $this->token_value_length;
+	}
+
+	/**
+	 * Sets the value of the current URL token.
+	 *
+	 * This method allows modifying the URL value in url() tokens. The new value
+	 * will be properly escaped according to CSS URL syntax rules.
+	 *
+	 * Currently only URL tokens are supported. Attempting to set the value on
+	 * other token types will return false.
+	 *
+	 * Example:
+	 *
+	 *     $css = 'background: url(old.jpg);';
+	 *     $processor = WP_CSS_Token_Processor::create( $css );
+	 *     while ( $processor->next_token() ) {
+	 *         if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+	 *             $processor->set_token_value( 'new.jpg' );
+	 *         }
+	 *     }
+	 *     echo $processor->get_updated_css();
+	 *     // Outputs: background: url(new.jpg);
+	 *
+	 * @param string $new_value The new URL value (should not include url() wrapper).
+	 * @return bool Whether the value was successfully updated.
+	 */
+	public function set_token_value( string $new_value ): bool {
+		// Only URL and string tokens are currently supported.
+		switch ( $this->token_type ) {
+			case self::TOKEN_URL:
+				$this->lexical_updates[] = array(
+					'start'  => $this->token_value_starts_at,
+					'length' => $this->token_value_length,
+					'text'   => WP_CSS_Builder::string( $new_value ),
+				);
+				return true;
+			case self::TOKEN_STRING:
+				$this->lexical_updates[] = array(
+					'start'  => $this->token_starts_at,
+					'length' => $this->token_length,
+					'text'   => WP_CSS_Builder::string( $new_value ),
+				);
+				return true;
+			default:
+				_doing_it_wrong( __METHOD__, 'set_token_value() only supports URL and string tokens. Got token type: ' . $this->token_type, '1.0.0' );
+				return false;
+		}
+	}
+
+	/**
+	 * Returns the CSS with all modifications applied.
+	 *
+	 * This method applies all queued lexical updates and returns the modified CSS.
+	 * If no modifications were made, returns the original CSS.
+	 *
+	 * Example:
+	 *
+	 *     $css = 'background: url(old.jpg);';
+	 *     $processor = WP_CSS_Token_Processor::create( $css );
+	 *     while ( $processor->next_token() ) {
+	 *         if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+	 *             $processor->set_token_value( 'new.jpg' );
+	 *         }
+	 *     }
+	 *     echo $processor->get_updated_css();
+	 *     // Outputs: background: url(new.jpg);
+	 *
+	 * @return string The modified CSS.
+	 */
+	public function get_updated_css(): string {
+		if ( empty( $this->lexical_updates ) ) {
+			return $this->css;
+		}
+
+		// Sort updates by start position in ascending order.
+		usort(
+			$this->lexical_updates,
+			function ( $a, $b ) {
+				return $a['start'] - $b['start'];
+			}
+		);
+
+		// Build the output by concatenating original CSS fragments with replacements.
+		$bytes_already_copied = 0;
+		$output               = '';
+
+		foreach ( $this->lexical_updates as $update ) {
+			$output              .= substr( $this->css, $bytes_already_copied, $update['start'] - $bytes_already_copied );
+			$output              .= $update['text'];
+			$bytes_already_copied = $update['start'] + $update['length'];
+		}
+
+		// Copy remaining CSS after last update.
+		$output .= substr( $this->css, $bytes_already_copied );
+
+		return $output;
+	}
+
+	/**
+	 * Clears token state between tokens.
+	 */
+	private function after_token(): void {
+		$this->token_type            = null;
+		$this->token_starts_at       = null;
+		$this->token_length          = null;
+		$this->token_value           = null;
+		$this->token_unit            = null;
+		$this->token_value_starts_at = null;
+		$this->token_value_length    = null;
+	}
+
+	/**
+	 * Consumes a string token.
+	 *
+	 * Strings are quoted with either " or ' and can contain escape sequences.
+	 * Newlines inside strings (without escaping) make the string invalid.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-string-token
+	 *
+	 * @return bool
+	 */
+	private function consume_string(): bool {
+		// Initially create a <string-token> with its value set to the empty string.
+		$this->token_starts_at = $this->at;
+		$ending_char           = $this->css[ $this->at ];
+
+		// Skip past the opening quote.
+		++$this->at;
+		$value_starts_at = $this->at;
+
+		// Characters that need special handling: the ending quote, newlines, backslashes.
+		$special_chars = "'" === $ending_char ? "'\n\f\r\\" : "\"\n\f\r\\";
+
+		while ( $this->at < $this->length ) {
+			// Consume normal characters until we hit a special character.
+			$normal_len = strcspn( $this->css, $special_chars, $this->at );
+			if ( $normal_len > 0 ) {
+				$this->at += $normal_len;
+			}
+
+			if ( $this->at >= $this->length ) {
+				break; // EOF.
+			}
+
+			$char = $this->css[ $this->at ];
+			switch ( $char ) {
+				case $ending_char:
+					// Ending quote.
+					// Return the <string-token>.
+					++$this->at;
+					$this->token_type            = self::TOKEN_STRING;
+					$this->token_length          = $this->at - $this->token_starts_at;
+					$this->token_value_starts_at = $value_starts_at;
+					$this->token_value_length    = $this->at - $value_starts_at - 1;
+					return true;
+
+				case "\n":
+				case "\f":
+				case "\r":
+					/*
+					 * Newline.
+					 *
+					 * This is a parse error. Reconsume the current input code point,
+					 * create a <bad-string-token>, and return it.
+					 *
+					 * Unescaped newlines are not allowed in strings. To include a newline,
+					 * it must be escaped as \A or the string must end and a new one begin.
+					 *
+					 * @see https://www.w3.org/TR/css-syntax-3/#consume-string-token
+					 */
+					$this->token_type            = self::TOKEN_BAD_STRING;
+					$this->token_length          = $this->at - $this->token_starts_at;
+					$this->token_value_starts_at = $value_starts_at;
+					$this->token_value_length    = $this->at - $value_starts_at;
+					return true;
+
+				case '\\':
+					// U+005C REVERSE SOLIDUS (\)
+					// If the next input code point is EOF, do nothing.
+					++$this->at;
+					if ( $this->at >= $this->length ) {
+						// Backslash-EOF: do nothing, just consume the backslash.
+						continue 2;
+					}
+
+					// Otherwise, if the next input code point is a newline, consume it.
+					$next = $this->css[ $this->at ];
+					if ( "\n" === $next || "\f" === $next ) {
+						++$this->at;
+						continue 2;
+					} elseif ( "\r" === $next ) {
+						++$this->at;
+						// Handle \r\n as a single newline.
+						if ( $this->at < $this->length && "\n" === $this->css[ $this->at ] ) {
+							++$this->at;
+						}
+						continue 2;
+					}
+
+					// Otherwise, (the stream starts with a valid escape) consume an escaped
+					// code point (just to advance position, don't store the result).
+					$this->decode_escape_at( $this->at, $matched_bytes );
+					$this->at += $matched_bytes;
+					continue 2;
+
+				default:
+					_doing_it_wrong( __METHOD__, 'Unexpected character in string: ' . $char, '1.0.0' );
+					break;
+			}
+		}
+
+		// EOF
+		// This is a parse error. Return the <string-token>.
+		$this->token_type            = self::TOKEN_STRING;
+		$this->token_length          = $this->at - $this->token_starts_at;
+		$this->token_value_starts_at = $value_starts_at;
+		$this->token_value_length    = $this->at - $value_starts_at;
+		return true;
+	}
+
+	/**
+	 * Consumes a numeric token (number, percentage, dimension).
+	 *
+	 * Numbers can be integers or decimals, with optional sign and exponent.
+	 * They can be followed by % (percentage) or an identifier (dimension).
+	 *
+	 * @TODO: Keep track of the "type" flag ("integer" or "number").
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-numeric-token
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-number
+	 *
+	 * @return bool
+	 */
+	private function consume_numeric(): bool {
+		// Consume a number and let number be the result.
+
+		// If the next input code point is U+002B PLUS SIGN (+) or U+002D HYPHEN-MINUS (-),
+		// consume it and append it to repr.
+		if ( '+' === $this->css[ $this->at ] || '-' === $this->css[ $this->at ] ) {
+			++$this->at;
+		}
+
+		// While the next input code point is a digit, consume it and append it to repr.
+		$digits = strspn( $this->css, '0123456789', $this->at );
+		if ( $digits > 0 ) {
+			$this->at += $digits;
+		}
+
+		// If the next 2 input code points are U+002E FULL STOP (.) followed by a digit, then.
+		if (
+			$this->at + 1 < $this->length &&
+			'.' === $this->css[ $this->at ] &&
+			$this->css[ $this->at + 1 ] >= '0' &&
+			$this->css[ $this->at + 1 ] <= '9'
+		) {
+			// Consume them.
+			++$this->at;
+			// While the next input code point is a digit, consume it and append it to repr.
+			$digits = strspn( $this->css, '0123456789', $this->at );
+			if ( $digits > 0 ) {
+				$this->at += $digits;
+			}
+		}
+
+		// If the next 2 or 3 input code points are U+0045 LATIN CAPITAL LETTER E (E)
+		// or U+0065 LATIN SMALL LETTER E (e), optionally followed by U+002D HYPHEN-MINUS (-)
+		// or U+002B PLUS SIGN (+), followed by a digit, then.
+		if ( $this->at < $this->length ) {
+			$e = $this->css[ $this->at ];
+			if ( 'e' === $e || 'E' === $e ) {
+				$save_pos = $this->at;
+				++$this->at;
+				$has_exp = false;
+
+				if ( $this->at < $this->length ) {
+					$next = $this->css[ $this->at ];
+					if ( ( '+' === $next || '-' === $next ) && $this->at + 1 < $this->length &&
+						$this->css[ $this->at + 1 ] >= '0' && $this->css[ $this->at + 1 ] <= '9' ) {
+						// Consume them.
+						++$this->at;
+						$has_exp = true;
+					} elseif ( $next >= '0' && $next <= '9' ) {
+						$has_exp = true;
+					}
+				}
+
+				if ( $has_exp ) {
+					// While the next input code point is a digit, consume it and append it to repr.
+					$digits = strspn( $this->css, '0123456789', $this->at );
+					if ( $digits > 0 ) {
+						$this->at += $digits;
+					}
+				} else {
+					$this->at = $save_pos;
+				}
+			}
+		}
+
+		/**
+		 * This is the end of spec section 4.3.12. Consume a number.
+		 * We still have some work to do as specified in section 4.3.3. Consume a numeric token:
+		 * https://www.w3.org/TR/css-syntax-3/#consume-numeric-token
+		 */
+
+		// If the next 3 input code points would start an ident sequence, then.
+		if ( $this->check_if_3_code_points_start_an_ident_sequence( $this->at ) ) {
+			// Create a <dimension-token> with the same value and type flag as number,
+			// and a unit set initially to the empty string.
+			// Consume an ident sequence. Set the <dimension-token>'s unit to the returned value.
+			$unit_starts_at = $this->at;
+			$this->consume_ident_sequence();
+			$this->token_unit   = $this->decode_string_or_url( $unit_starts_at, $this->at - $unit_starts_at );
+			$this->token_type   = self::TOKEN_DIMENSION;
+			$this->token_length = $this->at - $this->token_starts_at;
+			return true;
+		}
+
+		// Otherwise, if the next input code point is U+0025 PERCENTAGE SIGN (%), consume it.
+		// Create a <percentage-token> with the same value as number, and return it.
+		if ( $this->at < $this->length && '%' === $this->css[ $this->at ] ) {
+			++$this->at;
+			$this->token_type   = self::TOKEN_PERCENTAGE;
+			$this->token_length = $this->at - $this->token_starts_at;
+			return true;
+		}
+
+		// Otherwise, create a <number-token> with the same value and type flag as number, and return it.
+		$this->token_type   = self::TOKEN_NUMBER;
+		$this->token_length = $this->at - $this->token_starts_at;
+		return true;
+	}
+
+	/**
+	 * Consumes an ident-like token (function, url, ident).
+	 *
+	 * After consuming an identifier, checks if it's followed by '(' to determine
+	 * if it's a function or url() token, otherwise it's a plain identifier.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-ident-like-token
+	 *
+	 * @return bool
+	 */
+	private function consume_ident_like(): bool {
+		// Consume an ident sequence, and let string be the result.
+		$ident_start = $this->at;
+		$decoded     = $this->consume_ident_sequence();
+		$string      = $decoded ?? $this->decode_string_or_url( $ident_start, $this->at - $ident_start );
+
+		// If string's value is an ASCII case-insensitive match for "url",
+		// and the next input code point is U+0028 LEFT PARENTHESIS (().
+		if ( 0 === strcasecmp( $string, 'url' ) && $this->at < $this->length && '(' === $this->css[ $this->at ] ) {
+			// Consume it.
+			++$this->at;
+
+			// While the next two input code points are whitespace, consume the next input code point.
+			$ws_len = strspn( $this->css, "\t\n\f\r ", $this->at );
+
+			// If the next one or two input code points are U+0022 QUOTATION MARK ("),
+			// U+0027 APOSTROPHE ('), or whitespace followed by U+0022 QUOTATION MARK (")
+			// or U+0027 APOSTROPHE (').
+			if ( $this->at + $ws_len < $this->length ) {
+				$next = $this->css[ $this->at + $ws_len ];
+				if ( '"' === $next || "'" === $next ) {
+					// then create a <function-token> with its value set to string and return it.
+					if ( null !== $decoded ) {
+						$this->token_value = $decoded;
+					}
+					$this->token_type   = self::TOKEN_FUNCTION;
+					$this->token_length = $this->at - $this->token_starts_at;
+					return true;
+				}
+			}
+
+			// Otherwise, consume a url token, and return it.
+			$this->at += $ws_len;
+			return $this->consume_url();
+		}
+
+		// Otherwise, if the next input code point is U+0028 LEFT PARENTHESIS (().
+		if ( $this->at < $this->length && '(' === $this->css[ $this->at ] ) {
+			// Consume it.
+			++$this->at;
+			// Create a <function-token> with its value set to string and return it.
+			if ( null !== $decoded ) {
+				$this->token_value = $decoded;
+			}
+			$this->token_type   = self::TOKEN_FUNCTION;
+			$this->token_length = $this->at - $this->token_starts_at;
+			return true;
+		}
+
+		// Otherwise, create an <ident-token> with its value set to string and return it.
+		if ( null !== $decoded ) {
+			$this->token_value = $decoded;
+		}
+		$this->token_type   = self::TOKEN_IDENT;
+		$this->token_length = $this->at - $this->token_starts_at;
+		return true;
+	}
+
+	/**
+	 * Consumes a url token.
+	 *
+	 * URL tokens can contain unquoted URLs with escape sequences but not quotes,
+	 * parentheses, or certain control characters. Invalid characters create a
+	 * bad-url token.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-url-token
+	 *
+	 * @return bool
+	 */
+	private function consume_url(): bool {
+		// Initially create a <url-token> with its value set to the empty string.
+		// Consume as much whitespace as possible.
+		$this->at += strspn( $this->css, "\t\n\f\r ", $this->at );
+
+		$value_starts_at = $this->at;
+
+		// Repeatedly consume the next input code point from the stream.
+		while ( $this->at < $this->length ) {
+			// U+0029 RIGHT PARENTHESIS ())
+			// Return the <url-token>.
+			if ( ')' === $this->css[ $this->at ] ) {
+				++$this->at;
+				$this->token_type            = self::TOKEN_URL;
+				$this->token_length          = $this->at - $this->token_starts_at;
+				$this->token_value_starts_at = $value_starts_at;
+				$this->token_value_length    = $this->at - $value_starts_at - 1;
+				return true;
+			}
+
+			// whitespace
+			// Consume as much whitespace as possible. If the next input code point is
+			// U+0029 RIGHT PARENTHESIS ()) or EOF, consume it and return the <url-token>
+			// (if EOF was encountered, this is a parse error); otherwise, consume the
+			// remnants of a bad url, create a <bad-url-token>, and return it.
+			$ws_len = strspn( $this->css, "\t\n\f\r ", $this->at );
+			if ( $ws_len > 0 ) {
+				$value_ends_at = $this->at;
+				$this->at     += $ws_len;
+				// Accept either ) or EOF after whitespace.
+				if ( $this->at >= $this->length ) {
+					// EOF is a parse error, but we return the <url-token> anyway.
+					$this->token_type            = self::TOKEN_URL;
+					$this->token_length          = $this->at - $this->token_starts_at;
+					$this->token_value_starts_at = $value_starts_at;
+					$this->token_value_length    = $value_ends_at - $value_starts_at;
+					return true;
+				}
+
+				if ( ')' === $this->css[ $this->at ] ) {
+					// Skip the closing parenthesis and return the <url-token>.
+					++$this->at;
+					$this->token_type            = self::TOKEN_URL;
+					$this->token_length          = $this->at - $this->token_starts_at;
+					$this->token_value_starts_at = $value_starts_at;
+					$this->token_value_length    = $value_ends_at - $value_starts_at;
+					return true;
+				}
+
+				return $this->consume_remnants_of_bad_url();
+			}
+
+			// These codepoints trigger a parse error.
+			$byte = ord( $this->css[ $this->at ] );
+			if (
+				'"' === $this->css[ $this->at ] ||
+				"'" === $this->css[ $this->at ] ||
+				'(' === $this->css[ $this->at ] ||
+
+				// Non-printable code point.
+				$byte <= 0x08 ||
+
+				// Line Tabulation.
+				0x0B === $byte ||
+
+				// Control characters.
+				( $byte >= 0x000E && $byte <= 0x001F ) ||
+
+				// Delete.
+				0x7F === $byte
+			) {
+				// Consume the remnants of a bad url,
+				// create a <bad-url-token>, and return it.
+				return $this->consume_remnants_of_bad_url();
+			}
+
+			// U+005C REVERSE SOLIDUS (\)
+			// If the stream starts with a valid escape, consume an escaped code point.
+			if ( '\\' === $this->css[ $this->at ] ) {
+				if ( $this->is_valid_escape( $this->at ) ) {
+					++$this->at;
+					$this->decode_escape_at( $this->at, $matched_bytes );
+					$this->at += $matched_bytes;
+					continue;
+				}
+				// Otherwise, this is a parse error. Consume the remnants of a bad url,
+				// create a <bad-url-token>, and return it.
+				return $this->consume_remnants_of_bad_url();
+			}
+
+			$at             = $this->at;
+			$invalid_length = 0;
+			if ( 1 !== _wp_scan_utf8( $this->css, $at, $invalid_length, null, 1 ) ) {
+				/**
+				 * Trouble ahead!
+				 * Bytes at $at are not a valid UTF-8 sequence.
+				 *
+				 * We'll move forward by $invalid_length bytes and continue processing.
+				 * Later on, during the string decoding, we'll replace the invalid bytes with U+FFFD
+				 * via maximal subpart”replacement.
+				 */
+				$this->at += $invalid_length;
+			} else {
+				$this->at = $at;
+			}
+		}
+
+		// EOF
+		// This is a parse error. Return the <url-token>.
+		$this->token_type            = self::TOKEN_URL;
+		$this->token_length          = $this->at - $this->token_starts_at;
+		$this->token_value_starts_at = $value_starts_at;
+		$this->token_value_length    = $this->at - $value_starts_at;
+		return true;
+	}
+
+	/**
+	 * Finishes a bad url token by consuming remnants.
+	 *
+	 * When an invalid character is encountered in a URL, we must consume
+	 * the remainder of the URL up to the closing ) or EOF.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-remnants-of-bad-url
+	 *
+	 * @return bool
+	 */
+	private function consume_remnants_of_bad_url(): bool {
+		while ( $this->at < $this->length ) {
+			$this->at += strcspn( $this->css, ')\\', $this->at );
+
+			if ( $this->at >= $this->length ) {
+				break;
+			}
+
+			if ( '\\' === $this->css[ $this->at ] ) {
+				++$this->at;
+				if ( $this->is_valid_escape( $this->at - 1 ) ) {
+					$this->decode_escape_at( $this->at, $matched_bytes );
+					$this->at += $matched_bytes;
+					continue;
+				}
+			} elseif ( ')' === $this->css[ $this->at ] ) {
+				++$this->at;
+				break;
+			}
+		}
+
+		$this->token_type   = self::TOKEN_BAD_URL;
+		$this->token_length = $this->at - $this->token_starts_at;
+		return true;
+	}
+
+	/**
+	 * Consumes an identifier sequence.
+	 *
+	 * Identifiers can contain letters, digits, hyphens, underscores, non-ASCII
+	 * characters, and escape sequences. Null bytes are replaced with U+FFFD.
+	 *
+	 * Returns the decoded identifier string if escapes were encountered,
+	 * or null if no decoding was needed (can use raw substring).
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-name
+	 */
+	private function consume_ident_sequence() {
+		while ( $this->at < $this->length ) {
+			$codepoint_bytes = $this->consume_ident_codepoint( $this->at );
+			if ( $codepoint_bytes > 0 ) {
+				$this->at += $codepoint_bytes;
+				continue;
+			}
+
+			if ( $this->is_valid_escape( $this->at ) ) {
+				++$this->at;
+
+				$this->decode_escape_at( $this->at, $matched_bytes );
+				$this->at += $matched_bytes;
+				continue;
+			}
+
+			break;
+		}
+	}
+
+	/**
+	 * Ident-start code point
+	 *     A letter, a non-ASCII code point, or U+005F LOW LINE (_).
+	 *
+	 * Ident code point
+	 *     An ident-start code point, a digit, or U+002D HYPHEN-MINUS (-).
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#ident-start-code-point
+	 * @return int The number of bytes consumed.
+	 */
+	private function consume_ident_codepoint( $at ): int {
+		// ident code points.
+		if ( ( $this->css[ $at ] >= '0' && $this->css[ $at ] <= '9' ) ||
+			'-' === $this->css[ $at ] ) {
+			return 1;
+		}
+
+		return $this->consume_ident_start_codepoint( $at );
+	}
+
+
+	/**
+	 * Ident-start code point
+	 *     A letter, a non-ASCII code point, or U+005F LOW LINE (_).
+	 *
+	 * Ident code point
+	 *     An ident-start code point, a digit, or U+002D HYPHEN-MINUS (-).
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#ident-start-code-point
+	 * @return int The number of bytes consumed.
+	 */
+	private function consume_ident_start_codepoint( $at ): int {
+		if ( $at >= $this->length ) {
+			return 0;
+		}
+
+		// ASCII codepoints.
+		if ( ( $this->css[ $at ] >= 'A' && $this->css[ $at ] <= 'Z' ) ||
+			( $this->css[ $at ] >= 'a' && $this->css[ $at ] <= 'z' ) ||
+			'_' === $this->css[ $at ] ) {
+			return 1;
+		}
+
+		// Special case for null bytes – they are replaced with U+FFFD during preprocessing.
+		if ( "\x00" === $this->css[ $at ] ) {
+			return 1;
+		}
+
+		$new_at         = $at;
+		$invalid_length = 0;
+		if ( 1 !== _wp_scan_utf8( $this->css, $new_at, $invalid_length, null, 1 ) ) {
+			/**
+			 * Trouble ahead!
+			 * Bytes at $at are not a valid UTF-8 sequence.
+			 *
+			 * We'll move forward by $invalid_length bytes and continue processing.
+			 * Later on, during the string decoding, we'll replace the invalid bytes with U+FFFD
+			 * via maximal subpart”replacement.
+			 */
+			return $invalid_length;
+		}
+
+		$codepoint_byte_length = $new_at - $at;
+		$codepoint             = self::utf8_ord( substr( $this->css, $at, $codepoint_byte_length ) );
+		if ( null !== $codepoint && $codepoint >= 0x80 ) {
+			return $codepoint_byte_length;
+		}
+		return 0;
+	}
+
+	/**
+	 * Decodes a string or URL value with escape sequences and normalization.
+	 *
+	 * Fast path: If the slice contains no special characters, returns the raw
+	 * substring with almost zero allocations.
+	 *
+	 * Slow path: Builds the decoded string by optionally processing escapes and
+	 * normalizing line endings and null bytes.
+	 *
+	 * @param int $start           Start byte offset.
+	 * @param int $length          Length of the substring to decode.
+	 * @return string Decoded/normalized string.
+	 */
+	private function decode_string_or_url( int $start, int $length ): string {
+		// Fast path: check if any processing is needed.
+		$slice         = wp_scrub_utf8( substr( $this->css, $start, $length ) );
+		$special_chars = "\\\r\f\x00";
+		if ( false === strpbrk( $slice, $special_chars ) ) {
+			// No special chars - return raw substring (almost zero allocations).
+			return $slice;
+		}
+
+		// Slow path: build decoded string (one allocation).
+		$decoded = '';
+		$at      = $start;
+		$end     = $start + $length;
+
+		while ( $at < $end ) {
+			// Find next special character.
+			$normal_len = strcspn( $this->css, $special_chars, $at );
+			if ( $normal_len > 0 ) {
+				// Clamp to not exceed the end boundary.
+				$normal_len = min( $normal_len, $end - $at );
+				$decoded   .= substr( $this->css, $at, $normal_len );
+				$at        += $normal_len;
+			}
+
+			if ( $at >= $end ) {
+				break;
+			}
+
+			$char = $this->css[ $at ];
+
+			// Handle escapes (if enabled).
+			if ( '\\' === $char ) {
+				if ( $this->is_valid_escape( $at ) ) {
+					++$at;
+					$decoded .= $this->decode_escape_at( $at, $bytes_consumed );
+					$at      += $bytes_consumed;
+					continue;
+				}
+				// Invalid escape - consume the backslash and keep going.
+				$decoded .= '\\';
+				++$at;
+				continue;
+			}
+
+			// CSS normalization: \r\n, \r, and \f all become \n.
+			if ( "\r" === $char ) {
+				$decoded .= "\n";
+				++$at;
+				// Handle \r\n as single newline.
+				if ( $at < $end && "\n" === $this->css[ $at ] ) {
+					++$at;
+				}
+				continue;
+			}
+
+			if ( "\f" === $char ) {
+				$decoded .= "\n";
+				++$at;
+				continue;
+			}
+
+			// Null bytes become U+FFFD.
+			if ( "\x00" === $char ) {
+				$decoded .= "\u{FFFD}";
+				++$at;
+				continue;
+			}
+		}
+
+		return $decoded;
+	}
+
+	/**
+	 * Decodes an escape sequence starting at the given offset without
+	 * modifying $this->at.
+	 *
+	 * Escape sequences are backslash followed by 1-6 hex digits (with optional
+	 * trailing whitespace) or any other character. Invalid code points are
+	 * replaced with U+FFFD.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#consume-escaped-code-point
+	 *
+	 * @param int $offset Byte offset (should point to the character after the backslash).
+	 * @param int &$bytes_consumed Output parameter: number of bytes consumed.
+	 * @return string The decoded character(s).
+	 */
+	private function decode_escape_at( int $offset, &$bytes_consumed ): string {
+		// This method assumes the U+005C REVERSE SOLIDUS (\) has already been consumed
+		// and the next input code point has already been verified to be part of a valid
+		// escape sequence.
+		$at = $offset;
+
+		// EOF.
+		if ( $at >= $this->length ) {
+			// This is a parse error. Return U+FFFD REPLACEMENT CHARACTER (�).
+			$bytes_consumed = 0;
+			return "\u{FFFD}";
+		}
+
+		// Hex digits.
+		$hex_len = strspn( $this->css, '0123456789ABCDEFabcdef', $at );
+		if ( $hex_len > 0 ) {
+			// Consume up to 6 hex digits.
+			$hex_len = min( $hex_len, 6 );
+			$hex     = substr( $this->css, $at, $hex_len );
+			$at     += $hex_len;
+
+			// If the next input code point is whitespace, consume it as well.
+			if ( $at < $this->length ) {
+				$next = $this->css[ $at ];
+				if ( "\t" === $next || "\n" === $next || "\f" === $next || ' ' === $next ) {
+					++$at;
+				} elseif ( "\r" === $next ) {
+					++$at;
+					// Handle \r\n as a single whitespace – the preprocessing phase would replace \r\n with \n.
+					if ( $at < $this->length && "\n" === $this->css[ $at ] ) {
+						++$at;
+					}
+				}
+			}
+
+			$bytes_consumed = $at - $offset;
+			// Convert the hex digits to a UTF-8 string.
+			return WP_HTML_Decoder::code_point_to_utf8_bytes( hexdec( $hex ) );
+		}
+
+		// Anything else.
+		// Return the current input code point.
+		// Null bytes are replaced with U+FFFD during preprocessing.
+		if ( "\x00" === $this->css[ $at ] ) {
+			$bytes_consumed = 1;
+			return "\u{FFFD}";
+		}
+
+		$new_at         = $at;
+		$invalid_length = 0;
+		if ( 1 !== _wp_scan_utf8( $this->css, $new_at, $invalid_length, null, 1 ) ) {
+			/**
+			 * Trouble ahead!
+			 * Bytes at $at are not a valid UTF-8 sequence.
+			 *
+			 * We'll move forward by $invalid_length bytes and continue processing.
+			 * Later on, during the string decoding, we'll replace the invalid bytes with U+FFFD
+			 * via maximal subpart”replacement.
+			 */
+			$matched_bytes = $invalid_length;
+		} else {
+			$matched_bytes = $new_at - $at;
+		}
+
+		$bytes_consumed = $matched_bytes;
+		return substr( $this->css, $at, $matched_bytes );
+	}
+
+	/**
+	 * Checks if current position starts a valid escape sequence.
+	 *
+	 * A valid escape is a backslash not followed by a newline or EOF.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#starts-with-a-valid-escape
+	 *
+	 * @param int $offset Byte offset.
+	 * @return bool
+	 */
+	private function is_valid_escape( int $offset ): bool {
+		// If the first code point is not U+005C REVERSE SOLIDUS (\), return false.
+		if ( $offset >= $this->length || '\\' !== $this->css[ $offset ] ) {
+			return false;
+		}
+		// Otherwise, if the second code point is a newline, return false.
+		if ( $offset + 1 >= $this->length ) {
+			// Second code point is EOF - this is a valid escape per spec (weird!)
+			// Are we sure we're interpreting the spec correctly?
+			return true;
+		}
+
+		// Otherwise, if the second code point is not a newline, return true.
+		return (
+			"\n" !== $this->css[ $offset + 1 ] &&
+
+			// Form feed is normalized to newline during preprocessing.
+			"\f" !== $this->css[ $offset + 1 ] &&
+
+			// Carriage return is normalized to newline during preprocessing.
+			"\r" !== $this->css[ $offset + 1 ]
+
+			// We don't need to check for \r\n separately here. The \r check alone covers
+			// that scenario.
+		);
+	}
+
+	/**
+	 * Checks if the next 3 code points would start a number.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#starts-with-a-number
+	 *
+	 * @return bool
+	 */
+	private function would_next_3_code_points_start_a_number(): bool {
+		if ( $this->at >= $this->length ) {
+			return false;
+		}
+
+		// Look at the first code point.
+
+		// U+002B PLUS SIGN (+) or U+002D HYPHEN-MINUS (-).
+		if ( '+' === $this->css[ $this->at ] || '-' === $this->css[ $this->at ] ) {
+			if ( $this->at + 1 >= $this->length ) {
+				return false;
+			}
+			// If the second code point is a digit, return true.
+			if ( $this->css[ $this->at + 1 ] >= '0' && $this->css[ $this->at + 1 ] <= '9' ) {
+				return true;
+			}
+			// Otherwise, the second code point must be a full stop (.) and the third code point must be a digit.
+			if ( '.' === $this->css[ $this->at + 1 ] && $this->at + 2 < $this->length ) {
+				return $this->css[ $this->at + 2 ] >= '0' && $this->css[ $this->at + 2 ] <= '9';
+			}
+
+			// Otherwise, return false.
+			return false;
+		}
+
+		// U+002E FULL STOP (.).
+		if ( '.' === $this->css[ $this->at ] ) {
+			if ( $this->at + 1 >= $this->length ) {
+				return false;
+			}
+			return $this->css[ $this->at + 1 ] >= '0' && $this->css[ $this->at + 1 ] <= '9';
+		}
+
+		// Digit.
+		if ( $this->css[ $this->at ] >= '0' && $this->css[ $this->at ] <= '9' ) {
+			return true;
+		}
+
+		// Anything else – return false.
+		return false;
+	}
+
+	/**
+	 * Checks if three code points would start an identifier sequence.
+	 *
+	 * This implements the CSS spec's "Check if three code points would start an ident sequence"
+	 * algorithm, which checks the code point at $offset and the following two code points.
+	 *
+	 * NOTE: "Three code points" means three Unicode code points, not three bytes.
+	 * Multi-byte UTF-8 sequences count as single code points.
+	 *
+	 * @see https://www.w3.org/TR/css-syntax-3/#would-start-an-identifier
+	 *
+	 * @param int $offset Byte offset of the first code point to check.
+	 * @return bool
+	 */
+	private function check_if_3_code_points_start_an_ident_sequence( int $offset ): bool {
+		if ( $offset >= $this->length ) {
+			return false;
+		}
+
+		if ( '-' === $this->css[ $offset ] ) {
+			// If the second code point is a U+002D HYPHEN-MINUS (-), return true.
+			// e.g. --custom-property.
+			if ( $offset + 1 < $this->length && '-' === $this->css[ $offset + 1 ] ) {
+				return true;
+			}
+			// Otherwise, check if the second code point is an ident-START code point or valid escape.
+			// Note: After a hyphen, only ident-START code points are valid, NOT digits or hyphens.
+			++$offset;
+		}
+
+		return $this->consume_ident_start_codepoint( $offset ) > 0 || $this->is_valid_escape( $offset );
+	}
+
+	/**
+	 * Convert a UTF-8 byte sequence to its Unicode codepoint.
+	 *
+	 * @param  string $character  UTF-8 encoded byte sequence representing a single Unicode character.
+	 *
+	 * @return int Unicode codepoint.
+	 */
+	private static function utf8_ord( string $character ): int {
+		// Convert the byte sequence to its binary representation.
+		$bytes = unpack( 'C*', $character );
+
+		// Initialize the codepoint.
+		$codepoint = 0;
+
+		// Calculate the codepoint based on the number of bytes.
+		if ( 1 === count( $bytes ) ) {
+			$codepoint = $bytes[1];
+		} elseif ( 2 === count( $bytes ) ) {
+			$codepoint = ( ( $bytes[1] & 0x1F ) << 6 ) | ( $bytes[2] & 0x3F );
+		} elseif ( 3 === count( $bytes ) ) {
+			$codepoint = ( ( $bytes[1] & 0x0F ) << 12 ) | ( ( $bytes[2] & 0x3F ) << 6 ) | ( $bytes[3] & 0x3F );
+		} elseif ( 4 === count( $bytes ) ) {
+			$codepoint = ( ( $bytes[1] & 0x07 ) << 18 ) | ( ( $bytes[2] & 0x3F ) << 12 ) | ( ( $bytes[3] & 0x3F ) << 6 ) | ( $bytes[4] & 0x3F );
+		}
+
+		return $codepoint;
+	}
+}
diff --git a/src/wp-includes/fonts/class-wp-font-collection.php b/src/wp-includes/fonts/class-wp-font-collection.php
index b915e3ea58d0d..e59666deeee64 100644
--- a/src/wp-includes/fonts/class-wp-font-collection.php
+++ b/src/wp-includes/fonts/class-wp-font-collection.php
@@ -259,7 +259,7 @@ private static function get_sanitization_schema() {
 						'preview'    => 'sanitize_url',
 						'fontFace'   => array(
 							array(
-								'fontFamily'            => 'sanitize_text_field',
+								'fontFamily'            => 'WP_Font_Utils::normalize_css_font_face_font_family',
 								'fontStyle'             => 'sanitize_text_field',
 								'fontWeight'            => 'sanitize_text_field',
 								'src'                   => static function ( $value ) {
diff --git a/src/wp-includes/fonts/class-wp-font-utils.php b/src/wp-includes/fonts/class-wp-font-utils.php
index 0ec36abc3f64b..58fcd3b7933d6 100644
--- a/src/wp-includes/fonts/class-wp-font-utils.php
+++ b/src/wp-includes/fonts/class-wp-font-utils.php
@@ -35,11 +35,222 @@ private static function maybe_add_quotes( $item ) {
 		$item  = trim( $item );
 		if ( preg_match( $regex, $item ) ) {
 			$item = trim( $item, "\"'" );
-			return '"' . $item . '"';
+			return WP_CSS_Builder::string( $item );
 		}
 		return $item;
 	}
 
+	/**
+	 * Normalize @font-face font-family CSS text.
+	 *
+	 * The return value is always normalized to a quoted CSS string.
+	 *
+	 * - Valid @font-face font-family values must return a semantically equivalent result.
+	 * - Normalization must be idempotent.
+	 * - If a CSS string is the first value, it will be used discarding subsequent text.
+	 * - The first valid value in a CSS comma-separated list will be used discarding subsequent text.
+	 * - If the value does not appear to be valid CSS or start with a valid CSS
+	 *   @font-face font-family, treat the entire input as a plain string for normalization.
+	 *
+	 * Relevant notes from the CSS specification:
+	 *
+	 * > Syntax of <family-name>
+	 * >     <family-name> = <string> | <custom-ident>+
+	 * > …
+	 * > To avoid mistakes in escaping, it is recommended to quote font family names that contain
+	 * > white space, digits, or punctuation characters other than hyphens
+	 *
+	 * @see https://drafts.csswg.org/css-fonts/#family-name-syntax
+	 *
+	 * @param string $font_family CSS text @font-face font-family value.
+	 * @return string Normalized value or null if the value could not be normalized.
+	 */
+	public static function normalize_css_font_face_font_family( string $font_family ): string {
+		// Scrub and CSS trim whitespace.
+		$font_family = trim( wp_scrub_utf8( $font_family ), "\t\n\f\r " );
+		$processor   = WP_CSS_Token_Processor::create( $font_family );
+		assert( null !== $processor, 'A valid processor must be created' );
+
+		// Ignore leading whitespace tokens.
+		while ( $processor->next_token() && WP_CSS_Token_Processor::TOKEN_WHITESPACE === $processor->get_token_type() ) {
+			continue;
+		}
+
+		$token_type = $processor->get_token_type();
+		if ( WP_CSS_Token_Processor::TOKEN_STRING === $token_type ) {
+			return WP_CSS_Builder::string( $processor->get_token_value() );
+		}
+
+		/**
+		 * Idents can be composed to form a <family-name>, otherwise consider the
+		 * font-family invalid.
+		 */
+		if ( WP_CSS_Token_Processor::TOKEN_IDENT !== $token_type ) {
+			return WP_CSS_Builder::string( $font_family );
+		}
+
+		/**
+		 * > If a sequence of identifiers is given as a <family-name>, the computed value is
+		 * > the name converted to a string by joining all the identifiers in the sequence
+		 * > by single spaces.
+		 *
+		 * @see https://drafts.csswg.org/css-fonts/#family-name-syntax
+		 */
+		$plaintext_font_ident_parts = array( $processor->get_token_value() );
+		while ( $processor->next_token() ) {
+			switch ( $processor->get_token_type() ) {
+				case WP_CSS_Token_Processor::TOKEN_IDENT:
+					$plaintext_font_ident_parts[] = $processor->get_token_value();
+					break;
+
+				case WP_CSS_Token_Processor::TOKEN_WHITESPACE:
+					continue 2;
+
+				/**
+				 * Comma tokens suggest this was a multi-value font-family (for qualified rules, not
+				 * @font-face rules). Stop processing to handle only the first value.
+				 */
+				case WP_CSS_Token_Processor::TOKEN_COMMA:
+					break 2;
+
+				// Anything else is an error.
+				default:
+					return WP_CSS_Builder::string( $font_family );
+			}
+		}
+
+		return WP_CSS_Builder::string( implode( ' ', $plaintext_font_ident_parts ) );
+	}
+
+	/**
+	 * Normalize a CSS qualified rule font-family value.
+	 *
+	 * Warning! This function is unsuitable for `@font-face` `font-family` values. {@see WP_Font_Utils::normalize_css_font_face_font_family()} should be used for @font-face.
+	 * > Value:
+	 * >     [ <family-name> | <generic-family> ]#
+	 * > Computed value:
+	 * >     list, each item a string and/or <generic-family> keywords
+	 *
+	 * @see https://drafts.csswg.org/css-fonts/#font-family-prop
+	 * @see https://www.w3.org/TR/css-syntax-3/#parse-comma-list
+	 */
+	public static function normalize_css_font_family( string $font_family ): string {
+		// Scrub and CSS trim whitespace.
+		$font_family = trim( wp_scrub_utf8( $font_family ), "\t\n\f\r " );
+		$processor   = WP_CSS_Token_Processor::create( $font_family );
+		assert( null !== $processor, 'A valid processor must be created' );
+
+		/*
+		 * States for the parser:
+		 *  0 = ITEM_START:    expecting start of a new comma-separated item
+		 *  1 = AFTER_STRING:  saw a string, expecting comma or EOF
+		 *  2 = IN_IDENTS:     collecting ident tokens
+		 *  3 = IN_GENERIC:    inside generic() function, collecting idents
+		 *  4 = AFTER_GENERIC: after closing ) of generic(), expecting comma or EOF
+		 */
+		$state       = 0;
+		$items       = array();
+		$ident_parts = array();
+
+		while ( $processor->next_token() ) {
+			$type = $processor->get_token_type();
+
+			// Whitespace and comments are skipped in all states.
+			if (
+				WP_CSS_Token_Processor::TOKEN_WHITESPACE === $type ||
+				WP_CSS_Token_Processor::TOKEN_COMMENT === $type
+			) {
+				continue;
+			}
+
+			switch ( $state ) {
+				case 0: // ITEM_START
+					if ( WP_CSS_Token_Processor::TOKEN_STRING === $type ) {
+						$items[] = WP_CSS_Builder::string( $processor->get_token_value() );
+						$state   = 1;
+					} elseif ( WP_CSS_Token_Processor::TOKEN_IDENT === $type ) {
+						$ident_parts = array( $processor->get_token_value() );
+						$state       = 2;
+					} elseif ( WP_CSS_Token_Processor::TOKEN_FUNCTION === $type && 'generic' === strtolower( $processor->get_token_value() ) ) {
+						$ident_parts = array();
+						$state       = 3;
+					} else {
+						return '';
+					}
+					break;
+
+				case 1: // AFTER_STRING
+					if ( WP_CSS_Token_Processor::TOKEN_COMMA === $type ) {
+						$state = 0;
+					} else {
+						return '';
+					}
+					break;
+
+				case 2: // IN_IDENTS
+					if ( WP_CSS_Token_Processor::TOKEN_IDENT === $type ) {
+						$ident_parts[] = $processor->get_token_value();
+					} elseif ( WP_CSS_Token_Processor::TOKEN_COMMA === $type ) {
+						$items[] = implode( ' ', array_map( array( 'WP_CSS_Builder', 'ident' ), $ident_parts ) );
+						$state   = 0;
+					} else {
+						return '';
+					}
+					break;
+
+				case 3: // IN_GENERIC
+					if ( WP_CSS_Token_Processor::TOKEN_IDENT === $type ) {
+						$ident_parts[] = $processor->get_token_value();
+					} elseif ( WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN === $type ) {
+						if ( empty( $ident_parts ) ) {
+							return '';
+						}
+						$items[] = 'generic(' . implode( ' ', array_map( array( 'WP_CSS_Builder', 'ident' ), $ident_parts ) ) . ')';
+						$state   = 4;
+					} else {
+						return '';
+					}
+					break;
+
+				case 4: // AFTER_GENERIC
+					if ( WP_CSS_Token_Processor::TOKEN_COMMA === $type ) {
+						$state = 0;
+					} else {
+						return '';
+					}
+					break;
+			}
+		}
+
+		// Finalize last item based on state at EOF.
+		switch ( $state ) {
+			case 0:
+				// EOF at ITEM_START: either empty input or trailing comma.
+				if ( empty( $items ) ) {
+					return '';
+				}
+				// Trailing comma — last item was followed by comma but no next item.
+				return '';
+
+			case 1: // String at EOF — already added to items.
+			case 4: // After generic close at EOF — already added to items.
+				break;
+
+			case 2: // Ident sequence at EOF — finalize.
+				$items[] = implode( ' ', array_map( array( 'WP_CSS_Builder', 'ident' ), $ident_parts ) );
+				break;
+
+			case 3: // Inside unclosed generic() — invalid.
+				return '';
+		}
+
+		if ( empty( $items ) ) {
+			return '';
+		}
+
+		return implode( ', ', $items );
+	}
+
 	/**
 	 * Sanitizes and formats font family names.
 	 *
diff --git a/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php b/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php
index 6b1d44d440247..fd896c1ad45be 100644
--- a/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php
+++ b/src/wp-includes/rest-api/endpoints/class-wp-rest-font-faces-controller.php
@@ -540,7 +540,7 @@ public function get_item_schema() {
 							'type'        => 'string',
 							'default'     => '',
 							'arg_options' => array(
-								'sanitize_callback' => array( 'WP_Font_Utils', 'sanitize_font_family' ),
+								'sanitize_callback' => array( 'WP_Font_Utils', 'normalize_css_font_face_font_family' ),
 							),
 						),
 						'fontStyle'             => array(
diff --git a/src/wp-settings.php b/src/wp-settings.php
index dab1d8fd4c0de..0791c1b592d02 100644
--- a/src/wp-settings.php
+++ b/src/wp-settings.php
@@ -276,6 +276,8 @@
 require ABSPATH . WPINC . '/html-api/class-wp-html-stack-event.php';
 require ABSPATH . WPINC . '/html-api/class-wp-html-processor-state.php';
 require ABSPATH . WPINC . '/html-api/class-wp-html-processor.php';
+require ABSPATH . WPINC . '/css-api/class-wp-css-builder.php';
+require ABSPATH . WPINC . '/css-api/class-wp-css-token-processor.php';
 require ABSPATH . WPINC . '/class-wp-block-processor.php';
 require ABSPATH . WPINC . '/class-wp-http.php';
 require ABSPATH . WPINC . '/class-wp-http-streams.php';
diff --git a/tests/phpunit/data/css-api/css-test-cases.json b/tests/phpunit/data/css-api/css-test-cases.json
new file mode 100644
index 0000000000000..a1c100811878e
--- /dev/null
+++ b/tests/phpunit/data/css-api/css-test-cases.json
@@ -0,0 +1,4923 @@
+{
+	"tests/at-keyword/0001": {
+		"css": "@foo\n",
+		"tokens": [
+			{
+				"type": "at-keyword-token",
+				"raw": "@foo",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "@foo",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0002": {
+		"css": "@--\n",
+		"tokens": [
+			{
+				"type": "at-keyword-token",
+				"raw": "@--",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "@--",
+				"value": "--"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0003": {
+		"css": "@-1\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "@",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "@",
+				"value": "@"
+			},
+			{
+				"type": "number-token",
+				"raw": "-1",
+				"startIndex": 1,
+				"endIndex": 3,
+				"normalized": "-1",
+				"value": "-1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0004": {
+		"css": "@--1\n",
+		"tokens": [
+			{
+				"type": "at-keyword-token",
+				"raw": "@--1",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "@--1",
+				"value": "--1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0005": {
+		"css": "@\\@\n",
+		"tokens": [
+			{
+				"type": "at-keyword-token",
+				"raw": "@\\@",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "@@",
+				"value": "@"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0006": {
+		"css": "@_\n",
+		"tokens": [
+			{
+				"type": "at-keyword-token",
+				"raw": "@_",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "@_",
+				"value": "_"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0007": {
+		"css": "@\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "@",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "@",
+				"value": "@"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0008": {
+		"css": "pvA3@\\\neBnP\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "pvA3",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "pvA3",
+				"value": "pvA3"
+			},
+			{
+				"type": "delim-token",
+				"raw": "@",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "@",
+				"value": "@"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\\",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\\",
+				"value": "\\"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "eBnP",
+				"startIndex": 7,
+				"endIndex": 11,
+				"normalized": "eBnP",
+				"value": "eBnP"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/at-keyword/0009": {
+		"css": "@aa𐀀\n",
+		"tokens": [
+			{
+				"type": "at-keyword-token",
+				"raw": "@aa𐀀",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "@aa𐀀",
+				"value": "aa𐀀"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-string/0001": {
+		"css": "\"foo\n\"\n",
+		"tokens": [
+			{
+				"type": "bad-string-token",
+				"raw": "\"foo",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "\"foo",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "bad-string-token",
+				"raw": "\"",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\"",
+				"value": ""
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-string/0002": {
+		"css": "\"foo\\\n\"\n",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"foo\\\n\"",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "\"foo\\\n\"",
+				"value": "foo\\\n"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-string/0003": {
+		"css": "\"foo\r\n\"\n",
+		"tokens": [
+			{
+				"type": "bad-string-token",
+				"raw": "\"foo",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "\"foo",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\r\n",
+				"startIndex": 4,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "bad-string-token",
+				"raw": "\"",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\"",
+				"value": ""
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-string/0004": {
+		"css": "\"foo\\\r\n\"\n",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"foo\\\r\n\"",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "\"foo\\\n\"",
+				"value": "foo\\\n"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-string/0005": {
+		"css": "\"aa𐀀\n",
+		"tokens": [
+			{
+				"type": "bad-string-token",
+				"raw": "\"aa𐀀",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "\"aa𐀀",
+				"value": "aa𐀀"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-url/0001": {
+		"css": "url(\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url(\n",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "url(\n",
+				"value": ""
+			}
+		]
+	},
+	"tests/bad-url/0002": {
+		"css": "url( a\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url( a\n",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "url( a\n",
+				"value": "a"
+			}
+		]
+	},
+	"tests/bad-url/0003": {
+		"css": "url( a a\n",
+		"tokens": [
+			{
+				"type": "bad-url-token",
+				"raw": "url( a a\n",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "url( a a\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-url/0004": {
+		"css": "url( a a)\n",
+		"tokens": [
+			{
+				"type": "bad-url-token",
+				"raw": "url( a a)",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "url( a a)",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-url/0005": {
+		"css": "url( a a\\)\n",
+		"tokens": [
+			{
+				"type": "bad-url-token",
+				"raw": "url( a a\\)\n",
+				"startIndex": 0,
+				"endIndex": 11,
+				"normalized": "url( a a)\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-url/0006": {
+		"css": "url( \\\n",
+		"tokens": [
+			{
+				"type": "bad-url-token",
+				"raw": "url( \\\n",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "url( \\\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-url/0007": {
+		"css": "url(a'')\n",
+		"tokens": [
+			{
+				"type": "bad-url-token",
+				"raw": "url(a'')",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "url(a'')",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/bad-url/0008": {
+		"css": "url(a\")\n",
+		"tokens": [
+			{
+				"type": "bad-url-token",
+				"raw": "url(a\")",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "url(a\")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/colon/0001": {
+		"css": ":\n",
+		"tokens": [
+			{
+				"type": "colon-token",
+				"raw": ":",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": ":",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/comma/0001": {
+		"css": ",\n",
+		"tokens": [
+			{
+				"type": "comma-token",
+				"raw": ",",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": ",",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/comment/0001": {
+		"css": "/* a comment */\n",
+		"tokens": [
+			{
+				"type": "comment",
+				"raw": "/* a comment */",
+				"startIndex": 0,
+				"endIndex": 15,
+				"normalized": "/* a comment */",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 15,
+				"endIndex": 16,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/comment/0002": {
+		"css": "/* a comment ",
+		"tokens": [
+			{
+				"type": "comment",
+				"raw": "/* a comment ",
+				"startIndex": 0,
+				"endIndex": 13,
+				"normalized": "/* a comment ",
+				"value": null
+			}
+		]
+	},
+	"tests/comment/0003": {
+		"css": "a/**/b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "a",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "a",
+				"value": "a"
+			},
+			{
+				"type": "comment",
+				"raw": "/**/",
+				"startIndex": 1,
+				"endIndex": 5,
+				"normalized": "/**/",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "b",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "b",
+				"value": "b"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/comment/0004": {
+		"css": "/*\\*/*/\n",
+		"tokens": [
+			{
+				"type": "comment",
+				"raw": "/*\\*/",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "/**/",
+				"value": null
+			},
+			{
+				"type": "delim-token",
+				"raw": "*",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "*",
+				"value": "*"
+			},
+			{
+				"type": "delim-token",
+				"raw": "/",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "/",
+				"value": "/"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/comment/0005": {
+		"css": "/* a comment *",
+		"tokens": [
+			{
+				"type": "comment",
+				"raw": "/* a comment *",
+				"startIndex": 0,
+				"endIndex": 14,
+				"normalized": "/* a comment *",
+				"value": null
+			}
+		]
+	},
+	"tests/comment/0006": {
+		"css": "/*a𐀀*/\n",
+		"tokens": [
+			{
+				"type": "comment",
+				"raw": "/*a𐀀*/",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "/*a𐀀*/",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/digit/0001": {
+		"css": "0\n1\n2\n3\n4\n5\n6\n7\n8\n9\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "0",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "0",
+				"value": "0"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "1",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "1",
+				"value": "1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "2",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "2",
+				"value": "2"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "3",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "3",
+				"value": "3"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "4",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "4",
+				"value": "4"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "5",
+				"startIndex": 10,
+				"endIndex": 11,
+				"normalized": "5",
+				"value": "5"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "6",
+				"startIndex": 12,
+				"endIndex": 13,
+				"normalized": "6",
+				"value": "6"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 13,
+				"endIndex": 14,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "7",
+				"startIndex": 14,
+				"endIndex": 15,
+				"normalized": "7",
+				"value": "7"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 15,
+				"endIndex": 16,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "8",
+				"startIndex": 16,
+				"endIndex": 17,
+				"normalized": "8",
+				"value": "8"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 17,
+				"endIndex": 18,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "9",
+				"startIndex": 18,
+				"endIndex": 19,
+				"normalized": "9",
+				"value": "9"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 19,
+				"endIndex": 20,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/dimension/0001": {
+		"css": "10px\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10px",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "10px",
+				"value": "10",
+				"unit": "px"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/dimension/0002": {
+		"css": "10\\70 x\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10\\70 x",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "10px",
+				"value": "10",
+				"unit": "px"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/dimension/0003": {
+		"css": "10--custom-px\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10--custom-px",
+				"startIndex": 0,
+				"endIndex": 13,
+				"normalized": "10--custom-px",
+				"value": "10",
+				"unit": "--custom-px"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 13,
+				"endIndex": 14,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/dimension/0004": {
+		"css": "10e2px\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10e2px",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "10e2px",
+				"value": "10e2",
+				"unit": "px"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/dimension/0005": {
+		"css": "10E2PX\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10E2PX",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "10E2PX",
+				"value": "10E2",
+				"unit": "PX"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/dimension/0006": {
+		"css": "10\\0\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10\\0\n",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "10�",
+				"value": "10",
+				"unit": "�"
+			}
+		]
+	},
+	"tests/dimension/0007": {
+		"css": "10a𐀀\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10a𐀀",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "10a𐀀",
+				"value": "10",
+				"unit": "a𐀀"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/dimension/0008": {
+		"css": "10a\u0000",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "10a\u0000",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "10a�",
+				"value": "10",
+				"unit": "a�"
+			}
+		]
+	},
+	"tests/escaped-code-point/0001": {
+		"css": "\\",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "�",
+				"value": "�"
+			}
+		]
+	},
+	"tests/escaped-code-point/0002": {
+		"css": "\\0",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\0",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "�",
+				"value": "�"
+			}
+		]
+	},
+	"tests/escaped-code-point/0003": {
+		"css": "\\\\",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\\\",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "\\",
+				"value": "\\"
+			}
+		]
+	},
+	"tests/escaped-code-point/0004": {
+		"css": "\\0a b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\0a b",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "\nb",
+				"value": "\nb"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0005": {
+		"css": "\\0ab \n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\0ab ",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "«",
+				"value": "«"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0006": {
+		"css": "\\0ab (foo)\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "\\0ab (",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "«(",
+				"value": "«"
+			},
+			{
+				"type": "ident-token",
+				"raw": "foo",
+				"startIndex": 6,
+				"endIndex": 9,
+				"normalized": "foo",
+				"value": "foo"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 10,
+				"endIndex": 11,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0007": {
+		"css": "\\0ab  (foo)\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\0ab ",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "«",
+				"value": "«"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "(-token",
+				"raw": "(",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "(",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "foo",
+				"startIndex": 7,
+				"endIndex": 10,
+				"normalized": "foo",
+				"value": "foo"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 10,
+				"endIndex": 11,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0008": {
+		"css": "\\0000ab\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\0000ab\n",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "«",
+				"value": "«"
+			}
+		]
+	},
+	"tests/escaped-code-point/0009": {
+		"css": "\\00000ab\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\00000ab",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "\nb",
+				"value": "\nb"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0010": {
+		"css": "\\110000\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\110000\n",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "�",
+				"value": "�"
+			}
+		]
+	},
+	"tests/escaped-code-point/0011": {
+		"css": "\\00D800\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\00D800\n",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "�",
+				"value": "�"
+			}
+		]
+	},
+	"tests/escaped-code-point/0012": {
+		"css": "\\00DFFF\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\00DFFF\n",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "�",
+				"value": "�"
+			}
+		]
+	},
+	"tests/escaped-code-point/0013": {
+		"css": "\\\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "\\",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "\\",
+				"value": "\\"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0014": {
+		"css": "\\\u0000\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\\u0000",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "�",
+				"value": "�"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0015": {
+		"css": "\\\u0000\b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\\u0000",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "�",
+				"value": "�"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\b",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\b",
+				"value": "\b"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/escaped-code-point/0016": {
+		"css": "\"a\\12\r\nb\"",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"a\\12\r\nb\"",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "\"a\u0012b\"",
+				"value": "a\u0012b"
+			}
+		]
+	},
+	"tests/full-stop/0001": {
+		"css": ".\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": ".",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": ".",
+				"value": "."
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/full-stop/0002": {
+		"css": ".a\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": ".",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": ".",
+				"value": "."
+			},
+			{
+				"type": "ident-token",
+				"raw": "a",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "a",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/full-stop/0003": {
+		"css": ".1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": ".1",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": ".1",
+				"value": ".1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/fuzz/01a166c0-ca20-43a5-9ab0-0984e4a5362b": {
+		"css": "4waPtwEEGH\\\u0000jV3zM6hh6w30N0PC 7m8KM0HcWGOPw28Gt(r19",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "4waPtwEEGH\\\u0000jV3zM6hh6w30N0PC",
+				"startIndex": 0,
+				"endIndex": 28,
+				"normalized": "4waPtwEEGH�jV3zM6hh6w30N0PC",
+				"value": "4",
+				"unit": "waPtwEEGH�jV3zM6hh6w30N0PC"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 28,
+				"endIndex": 29,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "dimension-token",
+				"raw": "7m8KM0HcWGOPw28Gt",
+				"startIndex": 29,
+				"endIndex": 46,
+				"normalized": "7m8KM0HcWGOPw28Gt",
+				"value": "7",
+				"unit": "m8KM0HcWGOPw28Gt"
+			},
+			{
+				"type": "(-token",
+				"raw": "(",
+				"startIndex": 46,
+				"endIndex": 47,
+				"normalized": "(",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "r19",
+				"startIndex": 47,
+				"endIndex": 50,
+				"normalized": "r19",
+				"value": "r19"
+			}
+		]
+	},
+	"tests/fuzz/2abe9406-c063-4e9a-85ac-b13660671553": {
+		"css": "ak]P0A}808G\"lQh{R5M!QyOWE}oC2{2K TIa9}zb2oXWREY]0aj5J\\\r\nBJ5CO-16W5H7noF 19䀹41H3e8Z9%tg[O5AHEY24xh'9\"\"c34Q\"iiC0e45Da5f\"F5X3\"o(",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "ak",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "ak",
+				"value": "ak"
+			},
+			{
+				"type": "]-token",
+				"raw": "]",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "]",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "P0A",
+				"startIndex": 3,
+				"endIndex": 6,
+				"normalized": "P0A",
+				"value": "P0A"
+			},
+			{
+				"type": "}-token",
+				"raw": "}",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "}",
+				"value": null
+			},
+			{
+				"type": "dimension-token",
+				"raw": "808G",
+				"startIndex": 7,
+				"endIndex": 11,
+				"normalized": "808G",
+				"value": "808",
+				"unit": "G"
+			},
+			{
+				"type": "string-token",
+				"raw": "\"lQh{R5M!QyOWE}oC2{2K TIa9}zb2oXWREY]0aj5J\\\r\nBJ5CO-16W5H7noF 19䀹41H3e8Z9%tg[O5AHEY24xh'9\"",
+				"startIndex": 11,
+				"endIndex": 102,
+				"normalized": "\"lQh{R5M!QyOWE}oC2{2K TIa9}zb2oXWREY]0aj5J\\\nBJ5CO-16W5H7noF 19䀹41H3e8Z9%tg[O5AHEY24xh'9\"",
+				"value": "lQh{R5M!QyOWE}oC2{2K TIa9}zb2oXWREY]0aj5J\\\nBJ5CO-16W5H7noF 19䀹41H3e8Z9%tg[O5AHEY24xh'9"
+			},
+			{
+				"type": "string-token",
+				"raw": "\"c34Q\"",
+				"startIndex": 102,
+				"endIndex": 108,
+				"normalized": "\"c34Q\"",
+				"value": "c34Q"
+			},
+			{
+				"type": "ident-token",
+				"raw": "iiC0e45Da5f",
+				"startIndex": 108,
+				"endIndex": 119,
+				"normalized": "iiC0e45Da5f",
+				"value": "iiC0e45Da5f"
+			},
+			{
+				"type": "string-token",
+				"raw": "\"F5X3\"",
+				"startIndex": 119,
+				"endIndex": 125,
+				"normalized": "\"F5X3\"",
+				"value": "F5X3"
+			},
+			{
+				"type": "function-token",
+				"raw": "o(",
+				"startIndex": 125,
+				"endIndex": 127,
+				"normalized": "o(",
+				"value": "o"
+			}
+		]
+	},
+	"tests/fuzz/4e630a47-507b-4b79-b00f-57f7dc1cc79d": {
+		"css": "\u000e7rSD6I5L1lglVRlL2X7BbEk\\3HCd\r94 \\\u0000skoW25d4%l64UUskN\"pHun\"!",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "\u000e",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "\u000e",
+				"value": "\u000e"
+			},
+			{
+				"type": "dimension-token",
+				"raw": "7rSD6I5L1lglVRlL2X7BbEk\\3HCd",
+				"startIndex": 1,
+				"endIndex": 29,
+				"normalized": "7rSD6I5L1lglVRlL2X7BbEk\u0003HCd",
+				"value": "7",
+				"unit": "rSD6I5L1lglVRlL2X7BbEk\u0003HCd"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\r",
+				"startIndex": 29,
+				"endIndex": 30,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "number-token",
+				"raw": "94",
+				"startIndex": 30,
+				"endIndex": 32,
+				"normalized": "94",
+				"value": "94"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 32,
+				"endIndex": 33,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "\\\u0000skoW25d4",
+				"startIndex": 33,
+				"endIndex": 43,
+				"normalized": "�skoW25d4",
+				"value": "�skoW25d4"
+			},
+			{
+				"type": "delim-token",
+				"raw": "%",
+				"startIndex": 43,
+				"endIndex": 44,
+				"normalized": "%",
+				"value": "%"
+			},
+			{
+				"type": "ident-token",
+				"raw": "l64UUskN",
+				"startIndex": 44,
+				"endIndex": 52,
+				"normalized": "l64UUskN",
+				"value": "l64UUskN"
+			},
+			{
+				"type": "string-token",
+				"raw": "\"pHun\"",
+				"startIndex": 52,
+				"endIndex": 58,
+				"normalized": "\"pHun\"",
+				"value": "pHun"
+			},
+			{
+				"type": "delim-token",
+				"raw": "!",
+				"startIndex": 58,
+				"endIndex": 59,
+				"normalized": "!",
+				"value": "!"
+			}
+		]
+	},
+	"tests/fuzz/4f865903-e4dd-4a0b-83ed-e630cfa9dcca": {
+		"css": "gzO0{(p{DzQ7\u0000(a1;r1iN7w)",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "gzO0",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "gzO0",
+				"value": "gzO0"
+			},
+			{
+				"type": "{-token",
+				"raw": "{",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "{",
+				"value": null
+			},
+			{
+				"type": "(-token",
+				"raw": "(",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "(",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "p",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "p",
+				"value": "p"
+			},
+			{
+				"type": "{-token",
+				"raw": "{",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "{",
+				"value": null
+			},
+			{
+				"type": "function-token",
+				"raw": "DzQ7\u0000(",
+				"startIndex": 8,
+				"endIndex": 14,
+				"normalized": "DzQ7�(",
+				"value": "DzQ7�"
+			},
+			{
+				"type": "ident-token",
+				"raw": "a1",
+				"startIndex": 14,
+				"endIndex": 16,
+				"normalized": "a1",
+				"value": "a1"
+			},
+			{
+				"type": "semicolon-token",
+				"raw": ";",
+				"startIndex": 16,
+				"endIndex": 17,
+				"normalized": ";",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "r1iN7w",
+				"startIndex": 17,
+				"endIndex": 23,
+				"normalized": "r1iN7w",
+				"value": "r1iN7w"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 23,
+				"endIndex": 24,
+				"normalized": ")",
+				"value": null
+			}
+		]
+	},
+	"tests/fuzz/5181013c-60ab-483b-9c06-fb32c7e1e7e8": {
+		"css": "565'E{z\u0000U\u001fEG2}2Verb>nj3TVk3mu7wX1J\b.H\u000bi1Ga8f5 dserqydJ3\"xj398xy.W\" uHQbv7Bw1NtF;N3PwNY7Vx00BF o\"4CXzvP\"{594 6r}8QQKNQw135i1\\\r\nrey\thg7[5%rBK8RUC64Lu␌17O{E\\90873u}1O3vx4gHTC55Q9i4\"V3Vx4\"7r(34L]F\"ns2pPf\"V7b)EOBGH8rdC7\"\u000eVJ4OQ[ 9jtoMdINgS7o�206vo72kTcKkZR9wl30G'vK\ndhCEs3tValX ",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "565",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "565",
+				"value": "565"
+			},
+			{
+				"type": "string-token",
+				"raw": "'E{z\u0000U\u001fEG2}2Verb>nj3TVk3mu7wX1J\b.H\u000bi1Ga8f5 dserqydJ3\"xj398xy.W\" uHQbv7Bw1NtF;N3PwNY7Vx00BF o\"4CXzvP\"{594 6r}8QQKNQw135i1\\\r\nrey\thg7[5%rBK8RUC64Lu␌17O{E\\90873u}1O3vx4gHTC55Q9i4\"V3Vx4\"7r(34L]F\"ns2pPf\"V7b)EOBGH8rdC7\"\u000eVJ4OQ[ 9jtoMdINgS7o�206vo72kTcKkZR9wl30G'",
+				"startIndex": 3,
+				"endIndex": 263,
+				"normalized": "'E{z�U\u001fEG2}2Verb>nj3TVk3mu7wX1J\b.H\u000bi1Ga8f5 dserqydJ3\"xj398xy.W\" uHQbv7Bw1NtF;N3PwNY7Vx00BF o\"4CXzvP\"{594 6r}8QQKNQw135i1\\\nrey\thg7[5%rBK8RUC64Lu␌17O{E򐡳u}1O3vx4gHTC55Q9i4\"V3Vx4\"7r(34L]F\"ns2pPf\"V7b)EOBGH8rdC7\"\u000eVJ4OQ[ 9jtoMdINgS7o�206vo72kTcKkZR9wl30G'",
+				"value": "E{z�U\u001fEG2}2Verb>nj3TVk3mu7wX1J\b.H\u000bi1Ga8f5 dserqydJ3\"xj398xy.W\" uHQbv7Bw1NtF;N3PwNY7Vx00BF o\"4CXzvP\"{594 6r}8QQKNQw135i1\\\nrey\thg7[5%rBK8RUC64Lu␌17O{E򐡳u}1O3vx4gHTC55Q9i4\"V3Vx4\"7r(34L]F\"ns2pPf\"V7b)EOBGH8rdC7\"\u000eVJ4OQ[ 9jtoMdINgS7o�206vo72kTcKkZR9wl30G"
+			},
+			{
+				"type": "ident-token",
+				"raw": "vK",
+				"startIndex": 263,
+				"endIndex": 265,
+				"normalized": "vK",
+				"value": "vK"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 265,
+				"endIndex": 266,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "dhCEs3tValX",
+				"startIndex": 266,
+				"endIndex": 277,
+				"normalized": "dhCEs3tValX",
+				"value": "dhCEs3tValX"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 277,
+				"endIndex": 278,
+				"normalized": " ",
+				"value": null
+			}
+		]
+	},
+	"tests/fuzz/6d07fc79-586f-4efa-a0a2-37d4dd3beb09": {
+		"css": "FWUNqr7uv8300nz\b,8lU0j6B186kh \u00009 \u000eGZafxf2GIhL9%",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "FWUNqr7uv8300nz",
+				"startIndex": 0,
+				"endIndex": 15,
+				"normalized": "FWUNqr7uv8300nz",
+				"value": "FWUNqr7uv8300nz"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\b",
+				"startIndex": 15,
+				"endIndex": 16,
+				"normalized": "\b",
+				"value": "\b"
+			},
+			{
+				"type": "comma-token",
+				"raw": ",",
+				"startIndex": 16,
+				"endIndex": 17,
+				"normalized": ",",
+				"value": null
+			},
+			{
+				"type": "dimension-token",
+				"raw": "8lU0j6B186kh",
+				"startIndex": 17,
+				"endIndex": 29,
+				"normalized": "8lU0j6B186kh",
+				"value": "8",
+				"unit": "lU0j6B186kh"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 29,
+				"endIndex": 30,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "\u00009",
+				"startIndex": 30,
+				"endIndex": 32,
+				"normalized": "�9",
+				"value": "�9"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 32,
+				"endIndex": 33,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "delim-token",
+				"raw": "\u000e",
+				"startIndex": 33,
+				"endIndex": 34,
+				"normalized": "\u000e",
+				"value": "\u000e"
+			},
+			{
+				"type": "ident-token",
+				"raw": "GZafxf2GIhL9",
+				"startIndex": 34,
+				"endIndex": 46,
+				"normalized": "GZafxf2GIhL9",
+				"value": "GZafxf2GIhL9"
+			},
+			{
+				"type": "delim-token",
+				"raw": "%",
+				"startIndex": 46,
+				"endIndex": 47,
+				"normalized": "%",
+				"value": "%"
+			}
+		]
+	},
+	"tests/fuzz/7f49c8fc-8292-4a3e-828b-b5d028a80d5f": {
+		"css": "FZ 0B120h5QUbNbmTD2K8mAD傿i+Yv9V0KS14Ng18ag'\\\r\n{X<E/9b}0nIa%eSz-vapw2GqeMsri#e1BQf3b\u001fPlEnFQg{ofB)L9b571J4!{mCN㐥a\\BgK48qgu9'jVRS䎟ROYRbe0m5508k,O0C\u001f",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "FZ",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "FZ",
+				"value": "FZ"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "dimension-token",
+				"raw": "0B120h5QUbNbmTD2K8mAD傿i",
+				"startIndex": 3,
+				"endIndex": 28,
+				"normalized": "0B120h5QUbNbmTD2K8mAD傿i",
+				"value": "0",
+				"unit": "B120h5QUbNbmTD2K8mAD傿i"
+			},
+			{
+				"type": "delim-token",
+				"raw": "+",
+				"startIndex": 28,
+				"endIndex": 29,
+				"normalized": "+",
+				"value": "+"
+			},
+			{
+				"type": "ident-token",
+				"raw": "Yv9V0KS14Ng18ag",
+				"startIndex": 29,
+				"endIndex": 44,
+				"normalized": "Yv9V0KS14Ng18ag",
+				"value": "Yv9V0KS14Ng18ag"
+			},
+			{
+				"type": "string-token",
+				"raw": "'\\\r\n{X<E/9b}0nIa%eSz-vapw2GqeMsri#e1BQf3b\u001fPlEnFQg{ofB)L9b571J4!{mCN㐥a\\BgK48qgu9'",
+				"startIndex": 44,
+				"endIndex": 126,
+				"normalized": "'\\\n{X<E/9b}0nIa%eSz-vapw2GqeMsri#e1BQf3b\u001fPlEnFQg{ofB)L9b571J4!{mCN㐥a\u000bgK48qgu9'",
+				"value": "\\\n{X<E/9b}0nIa%eSz-vapw2GqeMsri#e1BQf3b\u001fPlEnFQg{ofB)L9b571J4!{mCN㐥a\u000bgK48qgu9"
+			},
+			{
+				"type": "ident-token",
+				"raw": "jVRS䎟ROYRbe0m5508k",
+				"startIndex": 126,
+				"endIndex": 146,
+				"normalized": "jVRS䎟ROYRbe0m5508k",
+				"value": "jVRS䎟ROYRbe0m5508k"
+			},
+			{
+				"type": "comma-token",
+				"raw": ",",
+				"startIndex": 146,
+				"endIndex": 147,
+				"normalized": ",",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "O0C",
+				"startIndex": 147,
+				"endIndex": 150,
+				"normalized": "O0C",
+				"value": "O0C"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\u001f",
+				"startIndex": 150,
+				"endIndex": 151,
+				"normalized": "\u001f",
+				"value": "\u001f"
+			}
+		]
+	},
+	"tests/fuzz/864d7812-b82f-47c2-94e4-8402ba6ba94a": {
+		"css": "'TR(:\b5RN)_e3w<gD5iL1EO-3zZw ntX3@0<KP9}V0 3Q80{Tqp}7dkUykEm ks �(ZnXhqsp3)G4JKqbWAfx7sPRW\"zKg19p\"Gcoi22xb\"3h5WQan.I4EUmЕ1IBofxvJ73hTA2Em\bA97(qOU)1\u0000rV7P'5528LZ14)䓑gqcRX\"aiu� \"z3i74FJ3\u00004x8F-V5b1f(U\u000b bUc",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "'TR(:\b5RN)_e3w<gD5iL1EO-3zZw ntX3@0<KP9}V0 3Q80{Tqp}7dkUykEm ks �(ZnXhqsp3)G4JKqbWAfx7sPRW\"zKg19p\"Gcoi22xb\"3h5WQan.I4EUmЕ1IBofxvJ73hTA2Em\bA97(qOU)1\u0000rV7P'",
+				"startIndex": 0,
+				"endIndex": 156,
+				"normalized": "'TR(:\b5RN)_e3w<gD5iL1EO-3zZw ntX3@0<KP9}V0 3Q80{Tqp}7dkUykEm ks �(ZnXhqsp3)G4JKqbWAfx7sPRW\"zKg19p\"Gcoi22xb\"3h5WQan.I4EUmЕ1IBofxvJ73hTA2Em\bA97(qOU)1�rV7P'",
+				"value": "TR(:\b5RN)_e3w<gD5iL1EO-3zZw ntX3@0<KP9}V0 3Q80{Tqp}7dkUykEm ks �(ZnXhqsp3)G4JKqbWAfx7sPRW\"zKg19p\"Gcoi22xb\"3h5WQan.I4EUmЕ1IBofxvJ73hTA2Em\bA97(qOU)1�rV7P"
+			},
+			{
+				"type": "dimension-token",
+				"raw": "5528LZ14",
+				"startIndex": 156,
+				"endIndex": 164,
+				"normalized": "5528LZ14",
+				"value": "5528",
+				"unit": "LZ14"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 164,
+				"endIndex": 165,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "䓑gqcRX",
+				"startIndex": 165,
+				"endIndex": 173,
+				"normalized": "䓑gqcRX",
+				"value": "䓑gqcRX"
+			},
+			{
+				"type": "string-token",
+				"raw": "\"aiu� \"",
+				"startIndex": 173,
+				"endIndex": 182,
+				"normalized": "\"aiu� \"",
+				"value": "aiu� "
+			},
+			{
+				"type": "function-token",
+				"raw": "z3i74FJ3\u00004x8F-V5b1f(",
+				"startIndex": 182,
+				"endIndex": 202,
+				"normalized": "z3i74FJ3�4x8F-V5b1f(",
+				"value": "z3i74FJ3�4x8F-V5b1f"
+			},
+			{
+				"type": "ident-token",
+				"raw": "U",
+				"startIndex": 202,
+				"endIndex": 203,
+				"normalized": "U",
+				"value": "U"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\u000b",
+				"startIndex": 203,
+				"endIndex": 204,
+				"normalized": "\u000b",
+				"value": "\u000b"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 204,
+				"endIndex": 205,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "bUc",
+				"startIndex": 205,
+				"endIndex": 208,
+				"normalized": "bUc",
+				"value": "bUc"
+			}
+		]
+	},
+	"tests/fuzz/91de56d3-d1c7-41c9-93e2-4b0770e36e79": {
+		"css": "\tb6SUejoqAEDa\u000e9,kYO\\",
+		"tokens": [
+			{
+				"type": "whitespace-token",
+				"raw": "\t",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "\t",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "b6SUejoqAEDa",
+				"startIndex": 1,
+				"endIndex": 13,
+				"normalized": "b6SUejoqAEDa",
+				"value": "b6SUejoqAEDa"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\u000e",
+				"startIndex": 13,
+				"endIndex": 14,
+				"normalized": "\u000e",
+				"value": "\u000e"
+			},
+			{
+				"type": "number-token",
+				"raw": "9",
+				"startIndex": 14,
+				"endIndex": 15,
+				"normalized": "9",
+				"value": "9"
+			},
+			{
+				"type": "comma-token",
+				"raw": ",",
+				"startIndex": 15,
+				"endIndex": 16,
+				"normalized": ",",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "kYO\\",
+				"startIndex": 16,
+				"endIndex": 20,
+				"normalized": "kYO�",
+				"value": "kYO�"
+			}
+		]
+	},
+	"tests/fuzz/b69ece36-057f-4450-9423-a1661787bce6": {
+		"css": "Iv1\u0000B}1E+X9oO\u001fN3G",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "Iv1\u0000B",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "Iv1�B",
+				"value": "Iv1�B"
+			},
+			{
+				"type": "}-token",
+				"raw": "}",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "}",
+				"value": null
+			},
+			{
+				"type": "dimension-token",
+				"raw": "1E",
+				"startIndex": 9,
+				"endIndex": 11,
+				"normalized": "1E",
+				"value": "1",
+				"unit": "E"
+			},
+			{
+				"type": "delim-token",
+				"raw": "+",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "+",
+				"value": "+"
+			},
+			{
+				"type": "ident-token",
+				"raw": "X9oO",
+				"startIndex": 12,
+				"endIndex": 16,
+				"normalized": "X9oO",
+				"value": "X9oO"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\u001f",
+				"startIndex": 16,
+				"endIndex": 17,
+				"normalized": "\u001f",
+				"value": "\u001f"
+			},
+			{
+				"type": "ident-token",
+				"raw": "N3G",
+				"startIndex": 17,
+				"endIndex": 20,
+				"normalized": "N3G",
+				"value": "N3G"
+			}
+		]
+	},
+	"tests/fuzz/ccfaf86d-7471-465b-bbc8-5b65be03e9cf": {
+		"css": "H%7Zkc0P17 m2cqKMI5Cz34YPit.2.7,oP ",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "H",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "H",
+				"value": "H"
+			},
+			{
+				"type": "delim-token",
+				"raw": "%",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "%",
+				"value": "%"
+			},
+			{
+				"type": "dimension-token",
+				"raw": "7Zkc0P17",
+				"startIndex": 2,
+				"endIndex": 10,
+				"normalized": "7Zkc0P17",
+				"value": "7",
+				"unit": "Zkc0P17"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 10,
+				"endIndex": 11,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "m2cqKMI5Cz34YPit",
+				"startIndex": 11,
+				"endIndex": 27,
+				"normalized": "m2cqKMI5Cz34YPit",
+				"value": "m2cqKMI5Cz34YPit"
+			},
+			{
+				"type": "number-token",
+				"raw": ".2",
+				"startIndex": 27,
+				"endIndex": 29,
+				"normalized": ".2",
+				"value": ".2"
+			},
+			{
+				"type": "number-token",
+				"raw": ".7",
+				"startIndex": 29,
+				"endIndex": 31,
+				"normalized": ".7",
+				"value": ".7"
+			},
+			{
+				"type": "comma-token",
+				"raw": ",",
+				"startIndex": 31,
+				"endIndex": 32,
+				"normalized": ",",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "oP",
+				"startIndex": 32,
+				"endIndex": 34,
+				"normalized": "oP",
+				"value": "oP"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 34,
+				"endIndex": 35,
+				"normalized": " ",
+				"value": null
+			}
+		]
+	},
+	"tests/fuzz/eb11f9d4-f8ef-4e11-88dc-2cbf7f56e537": {
+		"css": ">u)k2a76}y4\\6fb9ONI\\",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": ">",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": ">",
+				"value": ">"
+			},
+			{
+				"type": "ident-token",
+				"raw": "u",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "u",
+				"value": "u"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "k2a76",
+				"startIndex": 3,
+				"endIndex": 8,
+				"normalized": "k2a76",
+				"value": "k2a76"
+			},
+			{
+				"type": "}-token",
+				"raw": "}",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "}",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "y4\\6fb9ONI\\",
+				"startIndex": 9,
+				"endIndex": 20,
+				"normalized": "y4澹ONI�",
+				"value": "y4澹ONI�"
+			}
+		]
+	},
+	"tests/hash/0001": {
+		"css": "#1\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#1",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "#1",
+				"value": "1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0002": {
+		"css": "#-2\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#-2",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "#-2",
+				"value": "-2"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0003": {
+		"css": "#--3\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#--3",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "#--3",
+				"value": "--3"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0004": {
+		"css": "#---4\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#---4",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "#---4",
+				"value": "---4"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0005": {
+		"css": "#a\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#a",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "#a",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0006": {
+		"css": "#-b\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#-b",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "#-b",
+				"value": "-b"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0007": {
+		"css": "#--c\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#--c",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "#--c",
+				"value": "--c"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0008": {
+		"css": "#---d\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#---d",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "#---d",
+				"value": "---d"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0009": {
+		"css": "#_\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#_",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "#_",
+				"value": "_"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0010": {
+		"css": "#_1\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#_1",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "#_1",
+				"value": "_1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0011": {
+		"css": "#-\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#-",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "#-",
+				"value": "-"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0012": {
+		"css": "#+\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "#",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "#",
+				"value": "#"
+			},
+			{
+				"type": "delim-token",
+				"raw": "+",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "+",
+				"value": "+"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0013": {
+		"css": "##\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "#",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "#",
+				"value": "#"
+			},
+			{
+				"type": "delim-token",
+				"raw": "#",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "#",
+				"value": "#"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hash/0014": {
+		"css": "#",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "#",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "#",
+				"value": "#"
+			}
+		]
+	},
+	"tests/hash/0015": {
+		"css": "#aa𐀀\n",
+		"tokens": [
+			{
+				"type": "hash-token",
+				"raw": "#aa𐀀",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "#aa𐀀",
+				"value": "aa𐀀"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hyphen-minus/0001": {
+		"css": "-\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "-",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "-",
+				"value": "-"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hyphen-minus/0002": {
+		"css": "-1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-1",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "-1",
+				"value": "-1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hyphen-minus/0003": {
+		"css": "-.1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-.1",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "-.1",
+				"value": "-.1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hyphen-minus/0004": {
+		"css": "--1\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "--1",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "--1",
+				"value": "--1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hyphen-minus/0005": {
+		"css": "-0\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-0",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "-0",
+				"value": "-0"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/hyphen-minus/0006": {
+		"css": "-->\n",
+		"tokens": [
+			{
+				"type": "CDC-token",
+				"raw": "-->",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "-->",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0001": {
+		"css": "foo\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "foo",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "foo",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0002": {
+		"css": "--\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "--",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "--",
+				"value": "--"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0003": {
+		"css": "--0\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "--0",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "--0",
+				"value": "--0"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0004": {
+		"css": "-\\\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "-",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "-",
+				"value": "-"
+			},
+			{
+				"type": "delim-token",
+				"raw": "\\",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\\",
+				"value": "\\"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0005": {
+		"css": "-\\ \n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "-\\ ",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "- ",
+				"value": "- "
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0006": {
+		"css": "--💅\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "--💅",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "--💅",
+				"value": "--💅"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0007": {
+		"css": "-§\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "-§",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "-§",
+				"value": "-§"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0008": {
+		"css": "-×\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "-×",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "-×",
+				"value": "-×"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident/0009": {
+		"css": "--a𐀀\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "--a𐀀",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "--a𐀀",
+				"value": "--a𐀀"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0001": {
+		"css": "url(foo)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url(foo)",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "url(foo)",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0002": {
+		"css": "\\75 Rl(foo)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "\\75 Rl(foo)",
+				"startIndex": 0,
+				"endIndex": 11,
+				"normalized": "uRl(foo)",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0003": {
+		"css": "uR\\6c (foo)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "uR\\6c (foo)",
+				"startIndex": 0,
+				"endIndex": 11,
+				"normalized": "uRl(foo)",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0004": {
+		"css": "url('foo')\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "url(",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "url(",
+				"value": "url"
+			},
+			{
+				"type": "string-token",
+				"raw": "'foo'",
+				"startIndex": 4,
+				"endIndex": 9,
+				"normalized": "'foo'",
+				"value": "foo"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 10,
+				"endIndex": 11,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0005": {
+		"css": "url( 'foo')\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "url(",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "url(",
+				"value": "url"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "string-token",
+				"raw": "'foo'",
+				"startIndex": 5,
+				"endIndex": 10,
+				"normalized": "'foo'",
+				"value": "foo"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 10,
+				"endIndex": 11,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0006": {
+		"css": "url(  'foo')\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "url(",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "url(",
+				"value": "url"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "  ",
+				"startIndex": 4,
+				"endIndex": 6,
+				"normalized": "  ",
+				"value": null
+			},
+			{
+				"type": "string-token",
+				"raw": "'foo'",
+				"startIndex": 6,
+				"endIndex": 11,
+				"normalized": "'foo'",
+				"value": "foo"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 12,
+				"endIndex": 13,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0007": {
+		"css": "url(   'foo')\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "url(",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "url(",
+				"value": "url"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "   ",
+				"startIndex": 4,
+				"endIndex": 7,
+				"normalized": "   ",
+				"value": null
+			},
+			{
+				"type": "string-token",
+				"raw": "'foo'",
+				"startIndex": 7,
+				"endIndex": 12,
+				"normalized": "'foo'",
+				"value": "foo"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 12,
+				"endIndex": 13,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 13,
+				"endIndex": 14,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0008": {
+		"css": "not-url(   'foo')\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "not-url(",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "not-url(",
+				"value": "not-url"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "   ",
+				"startIndex": 8,
+				"endIndex": 11,
+				"normalized": "   ",
+				"value": null
+			},
+			{
+				"type": "string-token",
+				"raw": "'foo'",
+				"startIndex": 11,
+				"endIndex": 16,
+				"normalized": "'foo'",
+				"value": "foo"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 16,
+				"endIndex": 17,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 17,
+				"endIndex": 18,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/ident-like/0009": {
+		"css": "url(   foo)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url(   foo)",
+				"startIndex": 0,
+				"endIndex": 11,
+				"normalized": "url(   foo)",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/left-curly-bracket/0001": {
+		"css": "{\n",
+		"tokens": [
+			{
+				"type": "{-token",
+				"raw": "{",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "{",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/left-parenthesis/0001": {
+		"css": "(\n",
+		"tokens": [
+			{
+				"type": "(-token",
+				"raw": "(",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "(",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/left-square-bracket/0001": {
+		"css": "[\n",
+		"tokens": [
+			{
+				"type": "[-token",
+				"raw": "[",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "[",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/less-than/0001": {
+		"css": "<\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "<",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "<",
+				"value": "<"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/less-than/0002": {
+		"css": "<!--\n",
+		"tokens": [
+			{
+				"type": "CDO-token",
+				"raw": "<!--",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "<!--",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/less-than/0003": {
+		"css": "<--\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "<",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "<",
+				"value": "<"
+			},
+			{
+				"type": "ident-token",
+				"raw": "--",
+				"startIndex": 1,
+				"endIndex": 3,
+				"normalized": "--",
+				"value": "--"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/less-than/0004": {
+		"css": "<!-\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "<",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "<",
+				"value": "<"
+			},
+			{
+				"type": "delim-token",
+				"raw": "!",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "!",
+				"value": "!"
+			},
+			{
+				"type": "delim-token",
+				"raw": "-",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "-",
+				"value": "-"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0001": {
+		"css": "10\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "10",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "10",
+				"value": "10"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0002": {
+		"css": "+10\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "+10",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "+10",
+				"value": "+10"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0003": {
+		"css": "-10\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-10",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "-10",
+				"value": "-10"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0004": {
+		"css": "0\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "0",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "0",
+				"value": "0"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0005": {
+		"css": "+0\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "+0",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "+0",
+				"value": "+0"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0006": {
+		"css": "-0\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-0",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "-0",
+				"value": "-0"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0007": {
+		"css": ".0\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": ".0",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": ".0",
+				"value": ".0"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0008": {
+		"css": ".1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": ".1",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": ".1",
+				"value": ".1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0009": {
+		"css": "+.1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "+.1",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "+.1",
+				"value": "+.1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0010": {
+		"css": "-.1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-.1",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "-.1",
+				"value": "-.1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0011": {
+		"css": "1.1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "1.1",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "1.1",
+				"value": "1.1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0012": {
+		"css": "+1.1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "+1.1",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "+1.1",
+				"value": "+1.1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0013": {
+		"css": "-1.1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-1.1",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "-1.1",
+				"value": "-1.1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0014": {
+		"css": "1.1e2\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "1.1e2",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "1.1e2",
+				"value": "1.1e2"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0015": {
+		"css": "+1.1e+2\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "+1.1e+2",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "+1.1e+2",
+				"value": "+1.1e+2"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0016": {
+		"css": "-1.1e-2\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-1.1e-2",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "-1.1e-2",
+				"value": "-1.1e-2"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0017": {
+		"css": "-1.1e-22\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-1.1e-22",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "-1.1e-22",
+				"value": "-1.1e-22"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0018": {
+		"css": "-1.1e-22e\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "-1.1e-22e",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "-1.1e-22e",
+				"value": "-1.1e-22",
+				"unit": "e"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0019": {
+		"css": "1e+\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "1e",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "1e",
+				"value": "1",
+				"unit": "e"
+			},
+			{
+				"type": "delim-token",
+				"raw": "+",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "+",
+				"value": "+"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/number/0020": {
+		"css": ".2.7\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": ".2",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": ".2",
+				"value": ".2"
+			},
+			{
+				"type": "number-token",
+				"raw": ".7",
+				"startIndex": 2,
+				"endIndex": 4,
+				"normalized": ".7",
+				"value": ".7"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/numeric/0001": {
+		"css": "-123.753e-2\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "-123.753e-2",
+				"startIndex": 0,
+				"endIndex": 11,
+				"normalized": "-123.753e-2",
+				"value": "-123.753e-2"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/numeric/0002": {
+		"css": "-123.753e-2px\n",
+		"tokens": [
+			{
+				"type": "dimension-token",
+				"raw": "-123.753e-2px",
+				"startIndex": 0,
+				"endIndex": 13,
+				"normalized": "-123.753e-2px",
+				"value": "-123.753e-2",
+				"unit": "px"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 13,
+				"endIndex": 14,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/numeric/0003": {
+		"css": "-123.753e-2%\n",
+		"tokens": [
+			{
+				"type": "percentage-token",
+				"raw": "-123.753e-2%",
+				"startIndex": 0,
+				"endIndex": 12,
+				"normalized": "-123.753e-2%",
+				"value": "-123.753e-2"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 12,
+				"endIndex": 13,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/numeric/0004": {
+		"css": "1.2.3\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "1.2",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "1.2",
+				"value": "1.2"
+			},
+			{
+				"type": "number-token",
+				"raw": ".3",
+				"startIndex": 3,
+				"endIndex": 5,
+				"normalized": ".3",
+				"value": ".3"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/plus/0001": {
+		"css": "+\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "+",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "+",
+				"value": "+"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/plus/0002": {
+		"css": "+1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "+1",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "+1",
+				"value": "+1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/plus/0003": {
+		"css": "+.1\n",
+		"tokens": [
+			{
+				"type": "number-token",
+				"raw": "+.1",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "+.1",
+				"value": "+.1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/plus/0004": {
+		"css": "++1\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "+",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "+",
+				"value": "+"
+			},
+			{
+				"type": "number-token",
+				"raw": "+1",
+				"startIndex": 1,
+				"endIndex": 3,
+				"normalized": "+1",
+				"value": "+1"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/reverse-solidus/0001": {
+		"css": "\\\n",
+		"tokens": [
+			{
+				"type": "delim-token",
+				"raw": "\\",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "\\",
+				"value": "\\"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/reverse-solidus/0002": {
+		"css": "\\#\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\#",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "#",
+				"value": "#"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/reverse-solidus/0003": {
+		"css": "\\ \n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\ ",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": " ",
+				"value": " "
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 2,
+				"endIndex": 3,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/reverse-solidus/0004": {
+		"css": "\\61 b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\61 b",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "ab",
+				"value": "ab"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/reverse-solidus/0005": {
+		"css": "\\",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "�",
+				"value": "�"
+			}
+		]
+	},
+	"tests/right-curly-bracket/0001": {
+		"css": "}\n",
+		"tokens": [
+			{
+				"type": "}-token",
+				"raw": "}",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "}",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/right-parenthesis/0001": {
+		"css": ")\n",
+		"tokens": [
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/right-square-bracket/0001": {
+		"css": "]\n",
+		"tokens": [
+			{
+				"type": "]-token",
+				"raw": "]",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "]",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/semi-colon/0001": {
+		"css": ";\n",
+		"tokens": [
+			{
+				"type": "semicolon-token",
+				"raw": ";",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": ";",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 1,
+				"endIndex": 2,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/string/0001": {
+		"css": "\"foo\"\n'foo'\n",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"foo\"",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "\"foo\"",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "string-token",
+				"raw": "'foo'",
+				"startIndex": 6,
+				"endIndex": 11,
+				"normalized": "'foo'",
+				"value": "foo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 11,
+				"endIndex": 12,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/string/0002": {
+		"css": "\"foo",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"foo",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "\"foo",
+				"value": "foo"
+			}
+		]
+	},
+	"tests/string/0003": {
+		"css": "\"fo\no\"",
+		"tokens": [
+			{
+				"type": "bad-string-token",
+				"raw": "\"fo",
+				"startIndex": 0,
+				"endIndex": 3,
+				"normalized": "\"fo",
+				"value": "fo"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "o",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "o",
+				"value": "o"
+			},
+			{
+				"type": "string-token",
+				"raw": "\"",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\"",
+				"value": ""
+			}
+		]
+	},
+	"tests/string/0004": {
+		"css": "\"fo\\\no\"\n",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"fo\\\no\"",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "\"fo\\\no\"",
+				"value": "fo\\\no"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/string/0005": {
+		"css": "\"fo\\",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"fo\\",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "\"fo�",
+				"value": "fo�"
+			}
+		]
+	},
+	"tests/string/0006": {
+		"css": "\"esc\\61 ped\"\n",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"esc\\61 ped\"",
+				"startIndex": 0,
+				"endIndex": 12,
+				"normalized": "\"escaped\"",
+				"value": "escaped"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 12,
+				"endIndex": 13,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/string/0007": {
+		"css": "\"foo\\\"",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"foo\\\"",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "\"foo\"",
+				"value": "foo\""
+			}
+		]
+	},
+	"tests/string/0008": {
+		"css": "\"'foo'\"\n'\"foo\"'\n",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"'foo'\"",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "\"'foo'\"",
+				"value": "'foo'"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "string-token",
+				"raw": "'\"foo\"'",
+				"startIndex": 8,
+				"endIndex": 15,
+				"normalized": "'\"foo\"'",
+				"value": "\"foo\""
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 15,
+				"endIndex": 16,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/string/0009": {
+		"css": "\"\\\"foo\\\"\"\n'\\'foo\\''\n",
+		"tokens": [
+			{
+				"type": "string-token",
+				"raw": "\"\\\"foo\\\"\"",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "\"\"foo\"\"",
+				"value": "\"foo\""
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": "\n",
+				"value": null
+			},
+			{
+				"type": "string-token",
+				"raw": "'\\'foo\\''",
+				"startIndex": 10,
+				"endIndex": 19,
+				"normalized": "''foo''",
+				"value": "'foo'"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 19,
+				"endIndex": 20,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0001": {
+		"css": "url(\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url(\n",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "url(\n",
+				"value": ""
+			}
+		]
+	},
+	"tests/url/0002": {
+		"css": "url(a\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url(a\n",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "url(a\n",
+				"value": "a"
+			}
+		]
+	},
+	"tests/url/0003": {
+		"css": "url( a\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url( a\n",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "url( a\n",
+				"value": "a"
+			}
+		]
+	},
+	"tests/url/0004": {
+		"css": "url()\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url()",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "url()",
+				"value": ""
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0005": {
+		"css": "url( )\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url( )",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "url( )",
+				"value": ""
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0006": {
+		"css": "url( a)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url( a)",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "url( a)",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0007": {
+		"css": "url( a )\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url( a )",
+				"startIndex": 0,
+				"endIndex": 8,
+				"normalized": "url( a )",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 8,
+				"endIndex": 9,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0008": {
+		"css": "url( \\) )\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url( \\) )",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "url( ) )",
+				"value": ")"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0009": {
+		"css": "url(https://https:⁄⁄www.netmeister.org@https://www.netmeister.org/https:⁄⁄www.netmeister.org⁄?https://www.netmeister.org=https://www.netmeister.org;https://www.netmeister.org#https://www.netmeister.org)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url(https://https:⁄⁄www.netmeister.org@https://www.netmeister.org/https:⁄⁄www.netmeister.org⁄?https://www.netmeister.org=https://www.netmeister.org;https://www.netmeister.org#https://www.netmeister.org)",
+				"startIndex": 0,
+				"endIndex": 212,
+				"normalized": "url(https://https:⁄⁄www.netmeister.org@https://www.netmeister.org/https:⁄⁄www.netmeister.org⁄?https://www.netmeister.org=https://www.netmeister.org;https://www.netmeister.org#https://www.netmeister.org)",
+				"value": "https://https:⁄⁄www.netmeister.org@https://www.netmeister.org/https:⁄⁄www.netmeister.org⁄?https://www.netmeister.org=https://www.netmeister.org;https://www.netmeister.org#https://www.netmeister.org"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 212,
+				"endIndex": 213,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0010": {
+		"css": "url(https://www.netmeister.org/%62%6C%6F%67/%75%72%6C%73%2E%68%74%6D%6C?!@#$%25=+_\\)\\(*&^#top)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "url(https://www.netmeister.org/%62%6C%6F%67/%75%72%6C%73%2E%68%74%6D%6C?!@#$%25=+_\\)\\(*&^#top)",
+				"startIndex": 0,
+				"endIndex": 94,
+				"normalized": "url(https://www.netmeister.org/%62%6C%6F%67/%75%72%6C%73%2E%68%74%6D%6C?!@#$%25=+_)(*&^#top)",
+				"value": "https://www.netmeister.org/%62%6C%6F%67/%75%72%6C%73%2E%68%74%6D%6C?!@#$%25=+_)(*&^#top"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 94,
+				"endIndex": 95,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0011": {
+		"css": "Url(a)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "Url(a)",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "Url(a)",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0012": {
+		"css": "uRl(a)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "uRl(a)",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "uRl(a)",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0013": {
+		"css": "urL(a)\n",
+		"tokens": [
+			{
+				"type": "url-token",
+				"raw": "urL(a)",
+				"startIndex": 0,
+				"endIndex": 6,
+				"normalized": "urL(a)",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0014": {
+		"css": "uri(a)\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "uri(",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "uri(",
+				"value": "uri"
+			},
+			{
+				"type": "ident-token",
+				"raw": "a",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "a",
+				"value": "a"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/url/0015": {
+		"css": "uul(a)\n",
+		"tokens": [
+			{
+				"type": "function-token",
+				"raw": "uul(",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "uul(",
+				"value": "uul"
+			},
+			{
+				"type": "ident-token",
+				"raw": "a",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "a",
+				"value": "a"
+			},
+			{
+				"type": ")-token",
+				"raw": ")",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": ")",
+				"value": null
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0001": {
+		"css": "\n",
+		"tokens": [
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0002": {
+		"css": " \n",
+		"tokens": [
+			{
+				"type": "whitespace-token",
+				"raw": " \n",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": " \n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0003": {
+		"css": "a  b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "a",
+				"startIndex": 0,
+				"endIndex": 1,
+				"normalized": "a",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "  ",
+				"startIndex": 1,
+				"endIndex": 3,
+				"normalized": "  ",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "b",
+				"startIndex": 3,
+				"endIndex": 4,
+				"normalized": "b",
+				"value": "b"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0004": {
+		"css": "\\61 b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\61 b",
+				"startIndex": 0,
+				"endIndex": 5,
+				"normalized": "ab",
+				"value": "ab"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0005": {
+		"css": "\\000061 b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\000061 b",
+				"startIndex": 0,
+				"endIndex": 9,
+				"normalized": "ab",
+				"value": "ab"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 9,
+				"endIndex": 10,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0006": {
+		"css": "\\61  b\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "\\61 ",
+				"startIndex": 0,
+				"endIndex": 4,
+				"normalized": "a",
+				"value": "a"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": " ",
+				"startIndex": 4,
+				"endIndex": 5,
+				"normalized": " ",
+				"value": null
+			},
+			{
+				"type": "ident-token",
+				"raw": "b",
+				"startIndex": 5,
+				"endIndex": 6,
+				"normalized": "b",
+				"value": "b"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 6,
+				"endIndex": 7,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0007": {
+		"css": "\t\n",
+		"tokens": [
+			{
+				"type": "whitespace-token",
+				"raw": "\t\n",
+				"startIndex": 0,
+				"endIndex": 2,
+				"normalized": "\t\n",
+				"value": null
+			}
+		]
+	},
+	"tests/whitespace/0008": {
+		"css": "f\\ o\\\to\n",
+		"tokens": [
+			{
+				"type": "ident-token",
+				"raw": "f\\ o\\\to",
+				"startIndex": 0,
+				"endIndex": 7,
+				"normalized": "f o\to",
+				"value": "f o\to"
+			},
+			{
+				"type": "whitespace-token",
+				"raw": "\n",
+				"startIndex": 7,
+				"endIndex": 8,
+				"normalized": "\n",
+				"value": null
+			}
+		]
+	}
+}
diff --git a/tests/phpunit/tests/css-api/bootstrap-css-api.php b/tests/phpunit/tests/css-api/bootstrap-css-api.php
new file mode 100644
index 0000000000000..e4d80d277319d
--- /dev/null
+++ b/tests/phpunit/tests/css-api/bootstrap-css-api.php
@@ -0,0 +1,61 @@
+<?php
+
+require_once __DIR__ . '/../../../../src/wp-includes/compat.php';
+require_once __DIR__ . '/../../../../src/wp-includes/utf8.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-doctype-info.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-attribute-token.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-span.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-text-replacement.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-tag-processor.php';
+
+// HTML Processor
+require_once __DIR__ . '/../../../../src/wp-includes/class-wp-token-map.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/html5-named-character-references.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-decoder.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-stack-event.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-unsupported-exception.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-active-formatting-elements.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-open-elements.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-token.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-processor-state.php';
+require_once __DIR__ . '/../../../../src/wp-includes/html-api/class-wp-html-processor.php';
+
+require_once __DIR__ . '/../../../../src/wp-includes/compat-utf8.php';
+require_once __DIR__ . '/../../../../src/wp-includes/css-api/class-wp-css-builder.php';
+require_once __DIR__ . '/../../../../src/wp-includes/css-api/class-wp-css-token-processor.php';
+require_once __DIR__ . '/../../../../src/wp-includes/css-api/class-wp-css-processor.php';
+
+
+if ( ! function_exists( 'wp_kses_uri_attributes' ) ) {
+	function wp_kses_uri_attributes() {
+		return array(
+			'action',
+			'archive',
+			'background',
+			'cite',
+			'classid',
+			'codebase',
+			'data',
+			'formaction',
+			'href',
+			'icon',
+			'longdesc',
+			'manifest',
+			'poster',
+			'profile',
+			'src',
+			'usemap',
+			'xmlns',
+		);
+	}
+}
+
+if ( ! function_exists( '__' ) ) {
+	function __( $s ) {
+		return $s;
+	}
+}
+
+if ( ! function_exists( '_doing_it_wrong' ) ) {
+	function _doing_it_wrong( ...$args ) {}
+}
diff --git a/tests/phpunit/tests/css-api/bootstrap.php b/tests/phpunit/tests/css-api/bootstrap.php
new file mode 100644
index 0000000000000..cf709dd459901
--- /dev/null
+++ b/tests/phpunit/tests/css-api/bootstrap.php
@@ -0,0 +1,63 @@
+<?php
+
+require_once __DIR__ . '/bootstrap-css-api.php';
+
+if ( ! defined( 'DIR_TESTDATA' ) ) {
+	define( 'DIR_TESTDATA', __DIR__ . '/../../data' );
+}
+
+require_once __DIR__ . '/../../../../src/wp-includes/class-wp-block-parser.php';
+require_once __DIR__ . '/../../includes/build-visual-html-tree.php';
+
+if ( ! class_exists( 'WP_UnitTestCase' ) ) {
+	class WP_UnitTestCase extends PHPUnit\Framework\TestCase {
+		public function setExpectedIncorrectUsage( $doing_it_wrong ) {
+		}
+
+		public function setUp(): void {
+			parent::setUp();
+			$this->set_up();
+		}
+
+		public function set_up() {
+		}
+
+		/**
+		 * Check HTML markup (including blocks) for semantic equivalence.
+		 *
+		 * Given two markup strings, assert that they translate to the same semantic HTML tree,
+		 * normalizing tag names, attribute names, and attribute order. Furthermore, attributes
+		 * and class names are sorted and deduplicated, and whitespace in style attributes
+		 * is normalized. Finally, block delimiter comments are recognized and normalized,
+		 * applying the same principles.
+		 *
+		 * @since 6.9.0
+		 *
+		 * @param string      $expected         The expected HTML.
+		 * @param string      $actual           The actual HTML.
+		 * @param string|null $fragment_context Optional. The fragment context, for example "<td>" expected HTML
+		 *                                      must occur within "<table><tr>" fragment context. Default "<body>".
+		 *                                      Only "<body>" or `null` are supported at this time.
+		 *                                      Set to `null` to parse a full HTML document.
+		 * @param string|null $message          Optional. The assertion error message.
+		 */
+		public function assertEqualHTML( string $expected, string $actual, ?string $fragment_context = '<body>', $message = 'HTML markup was not equivalent.' ): void {
+			try {
+				$tree_expected = build_visual_html_tree( $expected, $fragment_context );
+				$tree_actual   = build_visual_html_tree( $actual, $fragment_context );
+			} catch ( Exception $e ) {
+				// For PHP 8.4+, we can retry, using the built-in DOM\HTMLDocument parser.
+				if ( class_exists( 'DOM\HtmlDocument' ) ) {
+					$dom_expected  = DOM\HtmlDocument::createFromString( $expected, LIBXML_NOERROR );
+					$tree_expected = build_visual_html_tree( $dom_expected->saveHtml(), $fragment_context );
+					$dom_actual    = DOM\HtmlDocument::createFromString( $actual, LIBXML_NOERROR );
+					$tree_actual   = build_visual_html_tree( $dom_actual->saveHtml(), $fragment_context );
+				} else {
+					throw $e;
+				}
+			}
+
+			$this->assertSame( $tree_expected, $tree_actual, $message );
+		}
+	}
+}
diff --git a/tests/phpunit/tests/css-api/phpunit.xml b/tests/phpunit/tests/css-api/phpunit.xml
new file mode 100644
index 0000000000000..7823b1d382f8b
--- /dev/null
+++ b/tests/phpunit/tests/css-api/phpunit.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<phpunit
+	bootstrap="bootstrap.php"
+	testdox="true"
+	colors="true"
+	enforceTimeLimit="true"
+	defaultTimeLimit="1"
+	timeoutForSmallTests="1"
+	timeoutForMediumTests="1"
+	timeoutForLargeTests="1"
+>
+
+	<php>
+<!--        <const name="DEBUG" value="FALSE"/>-->
+    </php>
+	<testsuites>
+		<testsuite name="css-api">
+
+<file>wpCssProcessor.php</file>
+<file>wpCssTokenProcessor.php</file>
+<file>wpCssBuilder.php</file>
+
+		</testsuite>
+	</testsuites>
+</phpunit>
+
diff --git a/tests/phpunit/tests/css-api/wpCssBuilder.php b/tests/phpunit/tests/css-api/wpCssBuilder.php
new file mode 100644
index 0000000000000..91bae79b0bec7
--- /dev/null
+++ b/tests/phpunit/tests/css-api/wpCssBuilder.php
@@ -0,0 +1,150 @@
+<?php
+
+/**
+ * Tests for the WP_CSS_Builder class.
+ *
+ * @group css-api
+ *
+ * @coversDefaultClass WP_CSS_Builder
+ */
+class Tests_CssApi_WpCssBuilder extends WP_UnitTestCase {
+	/**
+	 * @dataProvider data_string_escaping
+	 *
+	 * @covers ::string
+	 */
+	public function test_string_escaping( string $input, string $expected ): void {
+		$this->assertSame( $expected, WP_CSS_Builder::string( $input ) );
+
+		/**
+		 * Ensure that a single, equivalent CSS string is produced.
+		 *
+		 * CSS pre-processing normalization is applied to the input to ensure
+		 * a match can be found.
+		 *
+		 * @see https://www.w3.org/TR/css-syntax-3/#input-preprocessing
+		 */
+		$processor = WP_CSS_Token_Processor::create( WP_CSS_Builder::string( $input ) );
+		$processor->next_token();
+		$this->assertSame( WP_CSS_Token_Processor::TOKEN_STRING, $processor->get_token_type() );
+		$expected_decoded_value = strtr(
+			$input,
+			array(
+				"\r\n" => "\n",
+				"\r"   => "\n",
+				"\f"   => "\n",
+				"\0"   => '�',
+			)
+		);
+		$this->assertSame( $expected_decoded_value, $processor->get_token_value() );
+		$this->assertFalse( $processor->next_token() );
+	}
+
+	/**
+	 * Data provider for string escaping cases.
+	 *
+	 * @return array
+	 */
+	public static function data_string_escaping(): array {
+		return array(
+			// Passthrough — no escaping needed, only quoting.
+			'empty string'            => array( '', '""' ),
+			'simple ASCII'            => array( 'Arial', '"Arial"' ),
+			'spaces preserved'        => array( 'Exo 2', '"Exo 2"' ),
+			'leading/trailing spaces' => array( '  Arial  ', '"  Arial  "' ),
+			'whitespace-only'         => array( '   ', '"   "' ),
+			'numbers pass through'    => array( '12345', '"12345"' ),
+			'non-ASCII passthrough'   => array( 'café', '"café"' ),
+
+			// Backslash escaping — must happen first to prevent double-escaping.
+			'backslash'               => array( 'Back\\Slash', '"Back\5C Slash"' ),
+			'double backslash'        => array( '\\\\', '"\5C \5C "' ),
+			'backslash before quote'  => array( "a\\'b", '"a\5C \27 b"' ),
+
+			// NULL byte → U+FFFD replacement character.
+			'null byte'               => array( "a\0b", '"a�b"' ),
+
+			// Newline normalization — all variants become \A escape.
+			'LF'                      => array( "a\nb", '"a\A b"' ),
+			'CR'                      => array( "a\rb", '"a\A b"' ),
+			'CRLF as single escape'   => array( "a\r\nb", '"a\A b"' ),
+			'form feed'               => array( "a\fb", '"a\A b"' ),
+
+			// HTML-problematic characters.
+			'HTML characters < > &'   => array( 'a<b>c&d', '"a\3C b\3E c\26 d"' ),
+
+			// CSS-problematic characters.
+			'CSS syntax , ; { }'      => array( 'a,b;c{d}', '"a\2C b\3B c\7B d\7D "' ),
+			'single quote'            => array( "CSS's strings", '"CSS\27 s strings"' ),
+			'double quote'            => array( 'Say "Hi"', '"Say \22 Hi\22 "' ),
+		);
+	}
+
+	/**
+	 * Tests the example from the class docblock.
+	 *
+	 * @covers ::string
+	 */
+	public function test_docblock_example(): void {
+		$value    = 'CSS & a "<style>" tag\'s strings';
+		$expected = '"CSS \26  a \22 \3C style\3E \22  tag\27 s strings"';
+
+		$this->assertSame( $expected, WP_CSS_Builder::string( $value ) );
+	}
+
+	/**
+	 * Tests a string containing mixed newline types.
+	 *
+	 * @covers ::string
+	 */
+	public function test_mixed_newlines(): void {
+		$input    = "line1\nline2\rline3\r\nline4\fline5";
+		$expected = '"line1\A line2\A line3\A line4\A line5"';
+
+		$this->assertSame( $expected, WP_CSS_Builder::string( $input ) );
+	}
+
+	/**
+	 * Tests WP_CSS_Builder::ident() produces valid CSS ident tokens.
+	 *
+	 * @ticket TBD
+	 *
+	 * @dataProvider data_ident
+	 *
+	 * @covers ::ident
+	 */
+	public function test_ident( string $input, string $expected ): void {
+		$this->assertSame( $expected, WP_CSS_Builder::ident( $input ) );
+	}
+
+	/**
+	 * Data provider for ident() tests.
+	 */
+	public static function data_ident(): Generator {
+		// Simple idents — no escaping needed.
+		yield 'Simple alpha ident' => array( 'serif', 'serif' );
+		yield 'Hyphenated ident' => array( 'sans-serif', 'sans-serif' );
+		yield 'Underscore prefix' => array( '_foo', '_foo' );
+		yield 'Single char' => array( 'a', 'a' );
+		yield 'Custom property prefix' => array( '--custom', '--custom' );
+
+		// Invalid ident starts — must be escaped.
+		yield 'Leading digits' => array( '123', '\\31 23' );
+		yield 'Leading digit with alpha' => array( '5foo', '\\35 foo' );
+		yield 'Hyphen then digit' => array( '-5px', '-\\35 px' );
+		yield 'Leading space' => array( ' leading-space', '\\20 leading-space' );
+		yield 'Leading tab' => array( "\tleading-tab", '\\9 leading-tab' );
+
+		// Whitespace within ident.
+		yield 'Space within' => array( 'My Font', 'My\\20 Font' );
+		yield 'Multiple spaces within' => array( 'a b c', 'a\\20 b\\20 c' );
+		yield 'Tab within' => array( "has\ttab", 'has\\9 tab' );
+		yield 'Newline within' => array( "has\nnewline", 'has\\A newline' );
+
+		// Special characters.
+		yield 'Apostrophe' => array( "Font's", 'Font\\27 s' );
+		yield 'Angle brackets' => array( '<html>', '\\3C html\\3E ' );
+		yield 'Comma' => array( 'a,b', 'a\\2C b' );
+		yield 'Semicolon' => array( 'a;b', 'a\\3B b' );
+	}
+}
diff --git a/tests/phpunit/tests/css-api/wpCssProcessor.php b/tests/phpunit/tests/css-api/wpCssProcessor.php
new file mode 100644
index 0000000000000..5e1b4b5854107
--- /dev/null
+++ b/tests/phpunit/tests/css-api/wpCssProcessor.php
@@ -0,0 +1,609 @@
+<?php
+
+/**
+ * Tests for WP_CSS_Processor.
+ *
+ * @group css-api
+ *
+ * @coversDefaultClass WP_CSS_Processor
+ */
+class Tests_CssApi_WpCssProcessor extends WP_UnitTestCase {
+
+	/**
+	 * @ticket TBD
+	 * @dataProvider data_valid_rules
+	 * @covers ::parse_a_rule
+	 */
+	public function test_parse_a_rule_valid( string $css ): void {
+		$this->assertTrue(
+			WP_CSS_Processor::parse_a_rule( $css ),
+			"Expected true for: {$css}"
+		);
+	}
+
+	/**
+	 * @ticket TBD
+	 * @dataProvider data_invalid_rules
+	 * @covers ::parse_a_rule
+	 */
+	public function test_parse_a_rule_invalid( string $css ): void {
+		$this->assertFalse(
+			WP_CSS_Processor::parse_a_rule( $css ),
+			"Expected false for: {$css}"
+		);
+	}
+
+	public static function data_valid_rules(): Generator {
+		/*
+		 * Qualified rules.
+		 */
+		yield 'Class selector' => array( '.a { color: red }' );
+		yield 'Type selector' => array( 'div { }' );
+		yield 'Universal selector' => array( '* { }' );
+		yield 'ID selector' => array( '#main { }' );
+		yield 'Descendant combinator' => array( 'div .a { }' );
+		yield 'Child combinator' => array( 'div > .a + .b { }' );
+		yield 'Attribute selector' => array( '[href] { }' );
+		yield 'Attribute selector with value' => array( '[type="text"] { }' );
+		yield 'Pseudo-class' => array( ':hover { }' );
+		yield 'Pseudo-element' => array( '::before { }' );
+		yield 'Compound selector' => array( 'div.class#id { }' );
+		yield 'Selector list' => array( 'h1, h2, h3 { }' );
+		yield 'Multiple declarations' => array( '.a { color: red; font-size: 16px }' );
+		yield 'Empty block no space' => array( '.a{}' );
+		yield 'Empty prelude' => array( '{ color: red }' );
+		yield 'Empty prelude empty block' => array( '{}' );
+		yield 'Declaration with !important' => array( '.a { color: red !important }' );
+
+		/*
+		 * CSS nesting.
+		 */
+		yield 'Nested rule' => array( '.parent { color: red; .child { color: blue } }' );
+		yield 'Deep nesting' => array( '.a { .b { .c { } } }' );
+		yield 'Nesting with declarations at multiple levels' => array(
+			'.parent { color: red; .child { color: blue; .grandchild { color: green } } }',
+		);
+
+		/*
+		 * At-rules: semicolon-terminated.
+		 */
+		yield '@charset' => array( '@charset "utf-8";' );
+		yield '@import url()' => array( '@import url("a");' );
+		yield '@import string' => array( '@import "styles.css";' );
+		yield '@namespace' => array( '@namespace svg "http://www.w3.org/2000/svg";' );
+		yield '@layer name semicolon' => array( '@layer name;' );
+
+		/*
+		 * At-rules: block-terminated.
+		 */
+		yield '@media with block' => array( '@media screen { }' );
+		yield '@font-face' => array( '@font-face { }' );
+		yield '@keyframes' => array( '@keyframes name { }' );
+		yield '@supports' => array( '@supports (display: grid) { }' );
+		yield '@layer with block' => array( '@layer { }' );
+		yield '@media with content' => array( '@media screen { body { color: red } }' );
+
+		/*
+		 * At-rules: complex preludes.
+		 */
+		yield '@media complex prelude' => array(
+			'@media (min-width: 600px) and (max-width: 900px) { }',
+		);
+		yield '@supports or' => array( '@supports (display: flex) or (display: grid) { }' );
+
+		/*
+		 * At-rules: EOF during at-rule (spec returns the at-rule despite parse error).
+		 */
+		yield '@charset no semicolon' => array( '@charset "utf-8"' );
+		yield '@import no semicolon' => array( '@import url("a")' );
+		yield '@layer name no semicolon' => array( '@layer name' );
+		yield 'At-keyword only' => array( '@media' );
+
+		/*
+		 * Whitespace handling.
+		 */
+		yield 'Leading spaces' => array( '   .a { }' );
+		yield 'Trailing spaces' => array( '.a { }   ' );
+		yield 'Leading and trailing spaces' => array( '   .a { }   ' );
+		yield 'Leading tab' => array( "\t.a { }" );
+		yield 'Leading newline' => array( "\n.a { }" );
+		yield 'Trailing newline' => array( ".a { }\n" );
+		yield 'Leading CRLF' => array( "\r\n.a { }" );
+		yield 'Mixed whitespace' => array( " \t\n .a { } \t\n " );
+
+		/*
+		 * Comment handling (spec assumes comments stripped; skip them like whitespace).
+		 */
+		yield 'Leading comment' => array( '/* comment */ .a { }' );
+		yield 'Trailing comment' => array( '.a { } /* comment */' );
+		yield 'Comments around at-rule' => array( '/* c1 */ @media screen { } /* c2 */' );
+
+		/*
+		 * Strings and URLs containing braces (tokenizer treats these as
+		 * single tokens, so braces inside must not affect block matching).
+		 */
+		yield 'String with closing brace in block' => array( '.a { content: "}" }' );
+		yield 'String with opening brace in block' => array( '.a { content: "{" }' );
+		yield 'String with braces in block' => array( '.a { content: "{ }" }' );
+		yield 'URL with closing brace in block' => array( ".a { background: url(a}) }" );
+
+		/*
+		 * Functional notation and paired tokens in preludes.
+		 */
+		yield 'Functional pseudo-class in prelude' => array( '.a:has(.b) { }' );
+		yield 'Nested parens and brackets in qualified prelude' => array( '.a:not([b]) { }' );
+		yield 'Parens with brace in at-rule prelude (string)' => array( '@supports (content: "{") { }' );
+		yield 'Brackets in at-rule prelude' => array( '@foo [screen] { }' );
+		yield 'Semicolon inside brackets in at-rule prelude' => array( '@foo [ ; ] { }' );
+		yield 'Brace inside brackets in at-rule prelude' => array( '@foo [{] { }' );
+		yield 'Brace inside function in at-rule prelude' => array( '@media func({) { }' );
+
+		/*
+		 * Escaped characters in preludes.
+		 */
+		yield 'Escaped open brace in prelude' => array( '.a\{ { }' );
+		yield 'Escaped close brace in prelude' => array( '.a\} { }' );
+
+		/*
+		 * Nested at-rules inside blocks.
+		 */
+		yield 'Nested at-rule inside media' => array( '@media screen { @font-face { } }' );
+		yield 'Multiple nested rules inside media' => array( '@media screen { .a { } .b { } }' );
+
+		/*
+		 * CDO/CDC tokens (<!-- -->) in prelude.
+		 */
+		yield 'CDO and CDC in qualified prelude' => array( '<!-- --> { }' );
+		yield 'CDO and CDC in at-rule prelude' => array( '@foo <!-- --> { }' );
+
+		/*
+		 * Unclosed blocks (spec returns rule on EOF inside block).
+		 */
+		yield 'Unclosed qualified rule block' => array( '.a { color: red' );
+		yield 'Unclosed at-rule block' => array( '@media screen { .a { color: red' );
+		yield 'Unclosed nested block' => array( '.a { .b {' );
+
+		/*
+		 * Additional edge cases from CSS parsing test suites.
+		 */
+		yield 'At-rule with prelude and trailing comment' => array( '@foo bar; 	/* comment */' );
+		yield 'At-rule with bracket and paren nesting' => array( ' /**/ @foo bar{[(4' );
+		yield 'At-rule unclosed block with content' => array( '@foo { bar' );
+		yield 'At-rule with unclosed bracket in prelude' => array( '@foo [ bar' );
+		yield 'Qualified rule with surrounding comments' => array( ' /**/ div > p { color: #aaa;  } /**/ ' );
+		yield 'Empty prelude unclosed block with comment' => array( ' /**/ { color: #aaa  ' );
+		yield 'CDO CDC not special in prelude' => array( ' /* CDO/CDC are not special */ <!-- --> {' );
+	}
+
+	public static function data_invalid_rules(): Generator {
+		/*
+		 * Empty / whitespace-only (step 3: EOF after skipping whitespace).
+		 */
+		yield 'Empty string' => array( '' );
+		yield 'Whitespace only spaces' => array( '   ' );
+		yield 'Whitespace only tab' => array( "\t" );
+		yield 'Whitespace only newline' => array( "\n" );
+		yield 'Whitespace only mixed' => array( " \t\n\r\n " );
+		yield 'Only a comment' => array( '/* comment */' );
+		yield 'Only comments' => array( '/* c1 */ /* c2 */' );
+
+		/*
+		 * Multiple rules (step 7: non-EOF after consuming rule).
+		 */
+		yield 'Two qualified rules' => array( '.a {} .b {}' );
+		yield 'Two at-rules' => array( '@charset "utf-8"; @import url("a");' );
+		yield 'Qualified then at-rule' => array( '.a {} @media {}' );
+		yield 'At-rule then qualified' => array( '@media {} .a {}' );
+		yield 'At-rule semicolon then qualified' => array( '@charset "utf-8"; .a {}' );
+
+		/*
+		 * Trailing non-whitespace after valid rule (step 7).
+		 */
+		yield 'Trailing ident after qualified rule' => array( '.a {} foo' );
+		yield 'Trailing selector after at-rule' => array( '@media screen { } .extra' );
+		yield 'Trailing semicolon after qualified rule' => array( '.a {} ;' );
+		yield 'Trailing brace after qualified rule' => array( '.a {} }' );
+
+		/*
+		 * Qualified rule with no block (EOF during consume qualified rule).
+		 */
+		yield 'Selector without block' => array( '.a' );
+		yield 'Type selector without block' => array( 'div' );
+		yield 'Complex selector without block' => array( 'div > .a + .b' );
+
+		/*
+		 * Lone punctuation (consumed as prelude, no block found -> EOF -> nothing).
+		 */
+		yield 'Just a semicolon' => array( ';' );
+		yield 'Just a closing brace' => array( '}' );
+		yield 'Just a colon' => array( ':' );
+		yield 'Just a comma' => array( ',' );
+
+		/*
+		 * @ sign not followed by ident (tokenizer produces DELIM, not AT_KEYWORD).
+		 * Treated as qualified rule prelude — no block → syntax error.
+		 */
+		yield 'Bare @ sign' => array( '@' );
+		yield '@ then semicolon' => array( '@;' );
+
+		/*
+		 * Braces inside () or [] in qualified rule prelude are consumed as
+		 * component values, not as the rule's block. The qualified rule never
+		 * finds its block → EOF → nothing.
+		 */
+		yield 'Brace inside parens in qualified prelude' => array( '.a:has({) { }' );
+		yield 'Brace inside brackets in qualified prelude' => array( '[x={] { }' );
+
+		/*
+		 * Additional edge cases from CSS parsing test suites.
+		 */
+		yield 'Two qualified rules with declarations' => array( 'div { color: #aaa; } p{}' );
+		yield 'Qualified rule then CDC' => array( 'div {} -->' );
+		yield 'Empty block then ident' => array( '{}a' );
+	}
+
+	/*
+	 * -----------------------------------------------------------------------
+	 * Declaration list cursor tests.
+	 * -----------------------------------------------------------------------
+	 */
+
+	/**
+	 * @ticket TBD
+	 * @dataProvider data_declaration_list_navigation
+	 * @covers ::next_declaration
+	 * @covers ::get_name
+	 * @covers ::get_value
+	 */
+	public function test_declaration_list_navigation( string $css, array $expected ): void {
+		$proc   = WP_CSS_Processor::create_declaration_list( $css );
+		$actual = array();
+		while ( $proc->next_declaration() ) {
+			$actual[] = array( $proc->get_name(), $proc->get_value() );
+		}
+		$this->assertSame( $expected, $actual, "Declarations from: {$css}" );
+	}
+
+	public static function data_declaration_list_navigation(): Generator {
+		yield 'Single declaration' => array(
+			'color: red',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'Multiple declarations' => array(
+			'color: red; font-size: 16px',
+			array( array( 'color', 'red' ), array( 'font-size', '16px' ) ),
+		);
+		yield 'Trailing semicolon' => array(
+			'color: red;',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'No space after colon' => array(
+			'color:red',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'Leading whitespace in value' => array(
+			'color:   red',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'Trailing whitespace in value' => array(
+			'color: red   ;',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'Empty value with semicolon' => array(
+			'color: ;',
+			array( array( 'color', '' ) ),
+		);
+		yield 'Empty value at EOF' => array(
+			'color:',
+			array( array( 'color', '' ) ),
+		);
+		yield 'Multi-token value' => array(
+			'font: bold 14px/1.5 sans-serif',
+			array( array( 'font', 'bold 14px/1.5 sans-serif' ) ),
+		);
+		yield '!important in value' => array(
+			'color: red !important',
+			array( array( 'color', 'red !important' ) ),
+		);
+		yield 'Function value' => array(
+			'color: var(--x)',
+			array( array( 'color', 'var(--x)' ) ),
+		);
+		yield 'Semicolon inside function' => array(
+			'--x: var(--y, a;b); color: red',
+			array( array( '--x', 'var(--y, a;b)' ), array( 'color', 'red' ) ),
+		);
+		yield 'Custom property with brace block' => array(
+			'--x: { a: b }',
+			array( array( '--x', '{ a: b }' ) ),
+		);
+		yield 'At-rule consumed not yielded' => array(
+			'@foo; color: red',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'Error recovery no colon' => array(
+			'foo bar; color: red',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'Error recovery non-ident' => array(
+			': red; color: blue',
+			array( array( 'color', 'blue' ) ),
+		);
+		yield 'Empty string' => array( '', array() );
+		yield 'Whitespace only' => array( '   ', array() );
+		yield 'Duplicate properties' => array(
+			'color: red; color: blue',
+			array( array( 'color', 'red' ), array( 'color', 'blue' ) ),
+		);
+		yield 'Escaped property name' => array(
+			'\63 olor: red',
+			array( array( 'color', 'red' ) ),
+		);
+		yield 'Comment between value tokens' => array(
+			'font: bold /* comment */ 14px',
+			array( array( 'font', 'bold /* comment */ 14px' ) ),
+		);
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 * @covers ::get_updated_css
+	 */
+	public function test_set_value_basic(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red; font: bold' );
+		while ( $proc->next_declaration() ) {
+			if ( 'color' === $proc->get_name() ) {
+				$this->assertTrue( $proc->set_value( 'blue' ) );
+			}
+		}
+		$this->assertSame( 'color: blue; font: bold', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 * @covers ::get_updated_css
+	 */
+	public function test_set_value_preserves_whitespace(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color:  red  ;' );
+		$proc->next_declaration();
+		$proc->set_value( 'blue' );
+		$this->assertSame( 'color:  blue  ;', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 * @covers ::get_updated_css
+	 */
+	public function test_set_value_on_empty_value(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: ;' );
+		$proc->next_declaration();
+		$proc->set_value( 'blue' );
+		$this->assertSame( 'color: blue ;', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 */
+	public function test_set_value_rejects_bare_semicolon(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->next_declaration();
+		$this->assertFalse( $proc->set_value( 'red; font: evil' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 */
+	public function test_set_value_rejects_unmatched_brace(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->next_declaration();
+		$this->assertFalse( $proc->set_value( '0;} body { display: none }' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 */
+	public function test_set_value_rejects_unbalanced_blocks(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->next_declaration();
+		$this->assertFalse( $proc->set_value( 'calc(1 + 2' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 */
+	public function test_set_value_accepts_matched_blocks(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->next_declaration();
+		$this->assertTrue( $proc->set_value( 'var(--x, fallback)' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 */
+	public function test_set_value_accepts_semicolon_inside_block(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( '--x: a' );
+		$proc->next_declaration();
+		$this->assertTrue( $proc->set_value( 'var(--y, a;b)' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::remove
+	 * @covers ::get_updated_css
+	 */
+	public function test_remove_first_declaration(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red; font: bold' );
+		$proc->next_declaration();
+		$proc->remove();
+		$proc->next_declaration();
+		$this->assertSame( ' font: bold', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::remove
+	 * @covers ::get_updated_css
+	 */
+	public function test_remove_last_declaration(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red; font: bold' );
+		$proc->next_declaration();
+		$proc->next_declaration();
+		$proc->remove();
+		$this->assertSame( 'color: red; ', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::remove
+	 * @covers ::get_updated_css
+	 */
+	public function test_remove_all_declarations(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red; font: bold' );
+		while ( $proc->next_declaration() ) {
+			$proc->remove();
+		}
+		$this->assertSame( ' ', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::remove
+	 * @covers ::get_updated_css
+	 */
+	public function test_remove_single_declaration_no_semicolon(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->next_declaration();
+		$proc->remove();
+		$this->assertSame( '', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 * @covers ::remove
+	 * @covers ::get_updated_css
+	 */
+	public function test_last_mutation_wins(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->next_declaration();
+		$proc->set_value( 'blue' );
+		$proc->remove();
+		$this->assertSame( '', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 * @covers ::remove
+	 * @covers ::get_updated_css
+	 */
+	public function test_last_mutation_wins_set_after_remove(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->next_declaration();
+		$proc->remove();
+		$proc->set_value( 'blue' );
+		$this->assertSame( 'color: blue', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::append_declaration
+	 * @covers ::get_updated_css
+	 */
+	public function test_append_declaration(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red' );
+		$proc->append_declaration( 'font', 'bold' );
+		$this->assertSame( 'color: red; font: bold', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::append_declaration
+	 * @covers ::get_updated_css
+	 */
+	public function test_append_declaration_to_empty(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( '' );
+		$proc->append_declaration( 'color', 'red' );
+		$this->assertSame( ' color: red', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::append_declaration
+	 * @covers ::get_updated_css
+	 */
+	public function test_append_declaration_with_trailing_semicolon(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red;' );
+		$proc->append_declaration( 'font', 'bold' );
+		$this->assertSame( 'color: red; font: bold', $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::append_declaration
+	 */
+	public function test_append_declaration_rejects_invalid_name(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( '' );
+		$this->assertFalse( $proc->append_declaration( '123', 'red' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::append_declaration
+	 */
+	public function test_append_declaration_rejects_multi_token_name(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( '' );
+		$this->assertFalse( $proc->append_declaration( 'color font', 'red' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::append_declaration
+	 */
+	public function test_append_declaration_rejects_injection_in_value(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( '' );
+		$this->assertFalse( $proc->append_declaration( 'color', 'red; } body { display: none' ) );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::get_updated_css
+	 */
+	public function test_no_changes_round_trip(): void {
+		$css  = 'color: red; font-size: 16px';
+		$proc = WP_CSS_Processor::create_declaration_list( $css );
+		while ( $proc->next_declaration() ) {
+			// Read only, no mutations.
+		}
+		$this->assertSame( $css, $proc->get_updated_css() );
+	}
+
+	/**
+	 * @ticket TBD
+	 * @covers ::set_value
+	 * @covers ::remove
+	 * @covers ::append_declaration
+	 * @covers ::get_updated_css
+	 */
+	public function test_combined_set_remove_append(): void {
+		$proc = WP_CSS_Processor::create_declaration_list( 'color: red; display: none; font: bold' );
+		while ( $proc->next_declaration() ) {
+			if ( 'color' === $proc->get_name() ) {
+				$proc->set_value( 'blue' );
+			}
+			if ( 'display' === $proc->get_name() ) {
+				$proc->remove();
+			}
+		}
+		$proc->append_declaration( 'margin', '0' );
+		$this->assertSame( 'color: blue;  font: bold; margin: 0', $proc->get_updated_css() );
+	}
+}
diff --git a/tests/phpunit/tests/css-api/wpCssTokenProcessor.php b/tests/phpunit/tests/css-api/wpCssTokenProcessor.php
new file mode 100644
index 0000000000000..aa38fa3b423d7
--- /dev/null
+++ b/tests/phpunit/tests/css-api/wpCssTokenProcessor.php
@@ -0,0 +1,2448 @@
+<?php
+
+/**
+ * Comprehensive CSS processor tests based on the CSS Syntax Level 3 specification.
+ *
+ * @group css-api
+ */
+class Tests_CssApi_WpCssTokenProcessor extends WP_UnitTestCase {
+	/**
+	 * Tests that the processor produces the expected tokens for all test cases.
+	 *
+	 * @dataProvider corpus_provider
+	 */
+	public function test_processor_matches_spec( string $css, array $expected_tokens ): void {
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor );
+		$this->assertSame( $expected_tokens, $actual_tokens );
+	}
+
+	/**
+	 * Provides the test cases from the @rmenke/css-processor-test test corpus.
+	 *
+	 * @see https://github.com/romainmenke/css-processor-tests/
+	 * @return array
+	 */
+	public static function corpus_provider(): array {
+		return json_decode( file_get_contents( DIR_TESTDATA . '/css-api/css-test-cases.json' ), true );
+	}
+
+	/**
+	 * Collects all tokens from a CSS processor into an array.
+	 *
+	 * @param WP_CSS_Token_Processor $processor The CSS processor.
+	 * @return array Array of tokens with type, raw, startIndex, endIndex, structured.
+	 */
+	public static function collect_tokens( WP_CSS_Token_Processor $processor, $keys = null ): array {
+		$tokens = array();
+
+		while ( $processor->next_token() ) {
+			$type = $processor->get_token_type();
+
+			$byte_start = $processor->get_token_start();
+			$byte_end   = $byte_start + $processor->get_token_length();
+
+			$token = array(
+				'type'       => $type,
+				'raw'        => $processor->get_unnormalized_token(),
+				'startIndex' => $byte_start,
+				'endIndex'   => $byte_end,
+				'normalized' => $processor->get_normalized_token(),
+				'value'      => $processor->get_token_value(),
+			);
+			if ( null !== $processor->get_token_unit() ) {
+				$token['unit'] = $processor->get_token_unit();
+			}
+
+			if ( null !== $keys ) {
+				$token = array_intersect_key( $token, array_flip( $keys ) );
+			}
+
+			$tokens[] = $token;
+		}
+
+		return $tokens;
+	}
+
+	/**
+	 * Tests handling of non-UTF-8 byte sequences in identifiers.
+	 *
+	 * Invalid UTF-8 sequences should be replaced with U+FFFD replacement characters
+	 * during tokenization, allowing the CSS to continue processing.
+	 */
+	public function test_non_utf8_sequences_in_identifiers(): void {
+		// Invalid UTF-8 sequence 0xC0 0x80 (overlong encoding).
+		$css = ".class\xF1name";
+
+		$expected = array(
+			// .class�name (0xF1 replaced with U+FFFD).
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'        => '.',
+				'normalized' => '.',
+				'value'      => '.',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => "class\xF1name",
+				'normalized' => 'class�name',
+				'value'      => 'class�name',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw', 'normalized', 'value', 'unit' ) );
+		$this->assertSame( $expected, $actual_tokens );
+	}
+
+	public function test_invalid_utf8_with_valid_prefix_in_identifiers(): void {
+		// Invalid 2-byte prefix is replaced with a single U+FFFD.
+		$css = ".test\xE2\x80name";
+
+		$expected = array(
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'        => '.',
+				'normalized' => '.',
+				'value'      => '.',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => "test\xE2\x80name",
+				'normalized' => 'test�name',
+				'value'      => 'test�name',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw', 'normalized', 'value' ) );
+		$this->assertSame( $expected, $actual_tokens );
+	}
+
+	public function test_invalid_utf8_with_two_single_byte_invalid_sequences(): void {
+		// Two distinct single byte invalid sequences are replaced with
+		// two separate U+FFFD replacement characters.
+		$css = ".test\xE2\xE2name";
+
+		$expected = array(
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'        => '.',
+				'normalized' => '.',
+				'value'      => '.',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => "test\xE2\xE2name",
+				'normalized' => 'test��name',
+				'value'      => 'test��name',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw', 'normalized', 'value' ) );
+		$this->assertSame( $expected, $actual_tokens );
+	}
+
+	/**
+	 * Legacy test to ensure basic tokenization still works.
+	 */
+	public function test_tokenize_labels_core_tokens(): void {
+		$css = <<<CSS
+@media screen and (min-width: 10px) {
+	background: url("/images/a.png");
+}
+CSS;
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_AT_KEYWORD,
+				'raw'  => '@media',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'screen',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'and',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_PAREN,
+				'raw'  => '(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'min-width',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '10px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'  => '{',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => "\n\t",
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'background',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'url(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'  => '"/images/a.png"',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => "\n",
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'  => '}',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of complex selectors with pseudo-classes.
+	 */
+	public function test_complex_selector_with_pseudo_classes(): void {
+		$css = 'a:hover::before, div.class#id:not(.disabled)';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'a',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'hover',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'before',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'div',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '.',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'class',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_HASH,
+				'raw'  => '#id',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'not(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '.',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'disabled',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of CSS comments.
+	 */
+	public function test_css_comments(): void {
+		$css = '/* This is a comment */ .class { color: red; /* Another comment */ }';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMENT,
+				'raw'  => '/* This is a comment */',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '.',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'class',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'  => '{',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'color',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'red',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMENT,
+				'raw'  => '/* Another comment */',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'  => '}',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of media queries.
+	 */
+	public function test_media_query(): void {
+		$css = '@media screen and (min-width: 768px) and (max-width: 1024px)';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_AT_KEYWORD,
+				'raw'  => '@media',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'screen',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'and',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_PAREN,
+				'raw'  => '(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'min-width',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '768px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'and',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_PAREN,
+				'raw'  => '(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'max-width',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '1024px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of keyframes animation.
+	 */
+	public function test_keyframes_animation(): void {
+		$css = '@keyframes slide-in { 0% { opacity: 0; } 100% { opacity: 1; } }';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_AT_KEYWORD,
+				'raw'  => '@keyframes',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'slide-in',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'  => '{',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_PERCENTAGE,
+				'raw'  => '0%',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'  => '{',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'opacity',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '0',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'  => '}',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_PERCENTAGE,
+				'raw'  => '100%',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'  => '{',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'opacity',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '1',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'  => '}',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'  => '}',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of vendor-prefixed properties.
+	 */
+	public function test_vendor_prefixed_properties(): void {
+		$css = '-webkit-transform: rotate(45deg); -moz-border-radius: 5px;';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => '-webkit-transform',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'rotate(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '45deg',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => '-moz-border-radius',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '5px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of attribute selectors.
+	 */
+	public function test_attribute_selectors(): void {
+		$css = 'input[type="text"][required], a[href^="https://"]';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'input',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACKET,
+				'raw'  => '[',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'type',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '=',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'  => '"text"',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACKET,
+				'raw'  => ']',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACKET,
+				'raw'  => '[',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'required',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACKET,
+				'raw'  => ']',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'a',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACKET,
+				'raw'  => '[',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'href',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '^',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '=',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'  => '"https://"',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACKET,
+				'raw'  => ']',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of calc() function with complex expressions.
+	 */
+	public function test_calc_function(): void {
+		$css = 'width: calc(100% - 20px * 2 + 5em);';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'width',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'calc(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_PERCENTAGE,
+				'raw'  => '100%',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '-',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '20px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '*',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '2',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '+',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '5em',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of RGB/RGBA color functions.
+	 */
+	public function test_color_functions(): void {
+		$css = 'color: rgb(255, 128, 0); background: rgba(0, 0, 0, 0.5);';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'color',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'rgb(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '255',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '128',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '0',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'background',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'rgba(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '0',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '0',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '0',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '0.5',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of CSS custom properties (variables).
+	 */
+	public function test_css_variables(): void {
+		$css = '--main-color: #ff0000; color: var(--main-color);';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => '--main-color',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_HASH,
+				'raw'  => '#ff0000',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'color',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'var(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => '--main-color',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of gradient functions.
+	 */
+	public function test_gradient_functions(): void {
+		$css = 'background: linear-gradient(to right, red 0%, blue 100%);';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'background',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'linear-gradient(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'to',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'right',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'red',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_PERCENTAGE,
+				'raw'  => '0%',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'blue',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_PERCENTAGE,
+				'raw'  => '100%',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of grid layout properties.
+	 */
+	public function test_grid_layout(): void {
+		$css = 'grid-template-columns: repeat(3, 1fr); gap: 10px 20px;';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'grid-template-columns',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'repeat(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_NUMBER,
+				'raw'  => '3',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '1fr',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'gap',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '10px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '20px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of URL functions with various formats.
+	 */
+	public function test_url_formats(): void {
+		$css = 'background: url("image.png"), url(\'font.woff\'), url(https://example.com/bg.jpg);';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'background',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'url(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'  => '"image.png"',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'  => 'url(',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'  => "'font.woff'",
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'  => ')',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_URL,
+				'raw'  => 'url(https://example.com/bg.jpg)',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of !important declarations.
+	 */
+	public function test_important_declarations(): void {
+		$css = 'color: red !important; margin: 0px !important;';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'color',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'red',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '!',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'important',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'margin',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'  => '0px',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '!',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'important',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of multiple selectors with combinators.
+	 */
+	public function test_complex_combinators(): void {
+		$css = 'div > p + span ~ a.link';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'div',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '>',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'p',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '+',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'span',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '~',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'a',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '.',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'link',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests tokenization of escaped characters in identifiers.
+	 */
+	public function test_escaped_identifiers(): void {
+		$css = '.class\\:name, #id\\@special { color: blue; }';
+
+		$expected = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '.',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'class\\:name',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COMMA,
+				'raw'  => ',',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_HASH,
+				'raw'  => '#id\\@special',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'  => '{',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'color',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'  => ':',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'  => 'blue',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'  => ';',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'  => ' ',
+			),
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'  => '}',
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$this->assertSame( $actual_tokens, $expected );
+	}
+
+	/**
+	 * Tests that get_normalized_token() applies CSS normalization.
+	 *
+	 * Uses a comprehensive CSS selector with rules that includes:
+	 * - CSS escapes in class names and IDs
+	 * - URLs with escape sequences
+	 * - String values with escapes and line endings
+	 * - Comments with various line ending characters
+	 * - Null bytes in identifiers
+	 * - Mixed line endings (\r\n, \r, \f) that need normalization
+	 */
+	public function test_get_normalized_token_applies_normalization(): void {
+		// Comprehensive CSS with normalization requirements.
+		$css = "/* Comment\r\nwith\flines */\r\n" .
+				".c\\6c ass.n\\61 me\r#id\\@value\r\n{\r\n" .
+				"\tbackground:\furl(path\\2f to\\2f image.png);\r\n" .
+				"\tcontent:\r\"text\\A string\";\r\n" .
+				'}';
+
+		$expected = array(
+			// Comment with \r\n and \f.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COMMENT,
+				'raw'        => "/* Comment\r\nwith\flines */",
+				'normalized' => "/* Comment\nwith\nlines */",
+				'value'      => null,
+			),
+			// Whitespace with \r\n.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\r\n",
+				'normalized' => "\n",
+				'value'      => null,
+			),
+			// Class selector delimiter.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'        => '.',
+				'normalized' => '.',
+				'value'      => '.',
+			),
+			// Class name with escape (\6c = 'l'), space gets consumed by escape.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'c\\6c ass',
+				'normalized' => 'class', // Escapes decoded.
+				'value'      => 'class', // Decoded: \6c → l, space consumed.
+			),
+			// Delimiter.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'        => '.',
+				'normalized' => '.',
+				'value'      => '.',
+			),
+			// Identifier with escape (\61 = 'a'), space gets consumed.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'n\\61 me',
+				'normalized' => 'name', // Escapes decoded.
+				'value'      => 'name', // Decoded: \61 → a, space consumed.
+			),
+			// Whitespace with \r.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\r",
+				'normalized' => "\n",
+				'value'      => null,
+			),
+			// ID selector with escape.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_HASH,
+				'raw'        => '#id\\@value',
+				'normalized' => '#id@value', // Escapes decoded.
+				'value'      => 'id@value', // Decoded value.
+			),
+			// Whitespace with \r\n.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\r\n",
+				'normalized' => "\n",
+				'value'      => null,
+			),
+			// Opening brace.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'        => '{',
+				'normalized' => '{',
+				'value'      => null,
+			),
+			// Whitespace with \r\n and tab (consumed together).
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\r\n\t",
+				'normalized' => "\n\t",
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'background',
+				'normalized' => 'background',
+				'value'      => 'background',
+			),
+			// Colon.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'        => ':',
+				'normalized' => ':',
+				'value'      => null,
+			),
+			// Whitespace with \f.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\f",
+				'normalized' => "\n",
+				'value'      => null,
+			),
+			// URL token with escapes (entire url(...) is one token).
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_URL,
+				'raw'        => 'url(path\\2f to\\2f image.png)',
+				'normalized' => 'url(path/to/image.png)', // Escapes decoded.
+				'value'      => 'path/to/image.png', // Decoded: \2f → /, spaces consumed.
+			),
+			// Semicolon.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			// Whitespace with \r\n and tab (consumed together).
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\r\n\t",
+				'normalized' => "\n\t",
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'content',
+				'normalized' => 'content',
+				'value'      => 'content',
+			),
+			// Colon.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'        => ':',
+				'normalized' => ':',
+				'value'      => null,
+			),
+			// Whitespace with \r.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\r",
+				'normalized' => "\n",
+				'value'      => null,
+			),
+			// String with escape (\A = newline, space consumed).
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'        => '"text\\A string"',
+				'normalized' => "\"text\nstring\"", // Escapes decoded, quotes preserved.
+				'value'      => "text\nstring", // \A → \n, space consumed.
+			),
+			// Semicolon.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			// Whitespace with \r\n.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => "\r\n",
+				'normalized' => "\n",
+				'value'      => null,
+			),
+			// Closing brace.
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'        => '}',
+				'normalized' => '}',
+				'value'      => null,
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw', 'normalized', 'value' ) );
+		$this->assertSame( $expected, $actual_tokens );
+	}
+
+	public function test_dimension_token_value(): void {
+		$css           = '10px;15em;20%;30pt;40pc;50vw;';
+		$expected      = array(
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'        => '10px',
+				'normalized' => '10px',
+				'value'      => '10',
+				'unit'       => 'px',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'        => '15em',
+				'normalized' => '15em',
+				'value'      => '15',
+				'unit'       => 'em',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_PERCENTAGE,
+				'raw'        => '20%',
+				'normalized' => '20%',
+				'value'      => '20',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'        => '30pt',
+				'normalized' => '30pt',
+				'value'      => '30',
+				'unit'       => 'pt',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'        => '40pc',
+				'normalized' => '40pc',
+				'value'      => '40',
+				'unit'       => 'pc',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'        => '50vw',
+				'normalized' => '50vw',
+				'value'      => '50',
+				'unit'       => 'vw',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+		);
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw', 'normalized', 'value', 'unit' ) );
+		$this->assertSame( $expected, $actual_tokens );
+	}
+
+	/**
+	 * Tests that create() validates encoding and only accepts UTF-8.
+	 */
+	public function test_create_validates_encoding(): void {
+		// UTF-8 encoding should work (default).
+		$processor = WP_CSS_Token_Processor::create( '.class { color: red; }' );
+		$this->assertInstanceOf( WP_CSS_Token_Processor::class, $processor );
+
+		// UTF-8 encoding should work (explicit).
+		$processor = WP_CSS_Token_Processor::create( '.class { color: red; }', 'UTF-8' );
+		$this->assertInstanceOf( WP_CSS_Token_Processor::class, $processor );
+
+		// Other encodings should return null.
+		$processor = WP_CSS_Token_Processor::create( '.class { color: red; }', 'ISO-8859-1' );
+		$this->assertNull( $processor );
+
+		$processor = WP_CSS_Token_Processor::create( '.class { color: red; }', 'Windows-1252' );
+		$this->assertNull( $processor );
+	}
+
+	/**
+	 * Tests escape sequences in unusual and edge-case positions.
+	 *
+	 * Covers:
+	 * - Multiple consecutive escapes
+	 * - Escapes in function names
+	 * - Escapes in at-keywords
+	 * - Escapes in dimension units
+	 * - Null byte escapes (\0)
+	 * - Escaped special characters (@, #, !, etc.)
+	 * - Escaped whitespace that gets consumed by the escape
+	 * - Unicode escapes for various characters
+	 */
+	public function test_escape_sequences_in_unusual_places() {
+		// Complex CSS with escapes in many unusual but valid positions
+		$css = '@\\6D edia ' . // @media with \6D (m) and space consumed
+				'\\73 creen ' . // screen with \73 (s) and space consumed
+				'{' .
+				' .\\63 l\\61 ss\\5F name ' . // .class_name with escapes and spaces consumed
+				"#\\69 d\\5C 0test\x00 " . // #id\0test with null byte escape (should be preserved)
+														// AND an actual null byte (should be replaced with a U+FFFD REPLACEMENT CHARACTER)
+				'{' .
+				' c\\6F lor: ' . // color: with \6F (o) and space consumed
+				'r\\65 d ' . // red with escape
+				'\\21 important;' . // !important with escaped !
+				' w\\69 dth: ' . // width:
+				'10\\70 x;' . // 10px (dimension with escaped unit)
+				' background: ' .
+				'\\75 rl(' . // url( with escaped u
+				'"p\\61 th\\2F img\\2E png"' . // "path/img.png" with escapes
+				');' .
+				' content: "\\5C \\5C ";' . // "\\ \\" - escaped backslashes
+				' font-family: \\22 Arial\\22 ;' . // "Arial" with escaped quotes
+				' }' .
+				'}';
+
+		$expected = array(
+			// @\6D edia -> @media
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_AT_KEYWORD,
+				'raw'        => '@\\6D edia',
+				'normalized' => '@media',
+				'value'      => 'media',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// \73 creen -> screen
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => '\\73 creen',
+				'normalized' => 'screen',
+				'value'      => 'screen',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'        => '{',
+				'normalized' => '{',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// Delimiter .
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'        => '.',
+				'normalized' => '.',
+				'value'      => '.',
+			),
+			// \63 l\61 ss\5F name -> class_name
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => '\\63 l\\61 ss\\5F name',
+				'normalized' => 'class_name',
+				'value'      => 'class_name',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// #\69 d\5C 0test -> #id\0test (with encoded null byte)
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_HASH,
+				'raw'        => "#\\69 d\\5C 0test\x00",
+				'normalized' => "#id\\0test�",
+				// Ensure the value is normalized.
+				'value'      => "id\\0test�",
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_LEFT_BRACE,
+				'raw'        => '{',
+				'normalized' => '{',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// c\6F lor -> color
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'c\\6F lor',
+				'normalized' => 'color',
+				'value'      => 'color',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'        => ':',
+				'normalized' => ':',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// r\65 d -> red
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'r\\65 d',
+				'normalized' => 'red',
+				'value'      => 'red',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// \21 important -> !important (single identifier with escaped !)
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => '\\21 important',
+				'normalized' => '!important',
+				'value'      => '!important',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// w\69 dth -> width
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'w\\69 dth',
+				'normalized' => 'width',
+				'value'      => 'width',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'        => ':',
+				'normalized' => ':',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// 10\70 x -> 10px (dimension with escaped unit)
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_DIMENSION,
+				'raw'        => '10\\70 x',
+				'normalized' => '10px',
+				'value'      => '10',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'background',
+				'normalized' => 'background',
+				'value'      => 'background',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'        => ':',
+				'normalized' => ':',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// \75 rl( -> url( (escaped function name)
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_FUNCTION,
+				'raw'        => '\\75 rl(',
+				'normalized' => 'url(',
+				'value'      => 'url',
+			),
+			// String with escapes: "p\61 th\2F img\2E png"
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'        => '"p\\61 th\\2F img\\2E png"',
+				'normalized' => '"path/img.png"',
+				'value'      => 'path/img.png',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_RIGHT_PAREN,
+				'raw'        => ')',
+				'normalized' => ')',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'content',
+				'normalized' => 'content',
+				'value'      => 'content',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'        => ':',
+				'normalized' => ':',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// String with escaped backslashes: "\5C \5C " -> "\\"
+			// Each \5C sequence (with trailing space consumed) becomes one backslash
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_STRING,
+				'raw'        => '"\\5C \\5C "',
+				'normalized' => '"\\\\"',
+				'value'      => '\\\\',  // Two backslashes total
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => 'font-family',
+				'normalized' => 'font-family',
+				'value'      => 'font-family',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_COLON,
+				'raw'        => ':',
+				'normalized' => ':',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			// \22 Arial\22 -> "Arial" (escaped quotes make it an ident)
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_IDENT,
+				'raw'        => '\\22 Arial\\22 ',
+				'normalized' => '"Arial"',
+				'value'      => '"Arial"',
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_SEMICOLON,
+				'raw'        => ';',
+				'normalized' => ';',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_WHITESPACE,
+				'raw'        => ' ',
+				'normalized' => ' ',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'        => '}',
+				'normalized' => '}',
+				'value'      => null,
+			),
+			array(
+				'type'       => WP_CSS_Token_Processor::TOKEN_RIGHT_BRACE,
+				'raw'        => '}',
+				'normalized' => '}',
+				'value'      => null,
+			),
+		);
+
+		$processor     = WP_CSS_Token_Processor::create( $css );
+		$actual_tokens = $this->collect_tokens( $processor, array( 'type', 'raw', 'normalized', 'value' ) );
+		$this->assertSame( $expected, $actual_tokens );
+	}
+
+	/**
+	 * Tests that set_token_value() only works on URL tokens.
+	 */
+	public function test_set_token_value_only_works_on_url_tokens(): void {
+		$css       = 'color: red; background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			$token_type = $processor->get_token_type();
+
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $token_type ) {
+				// Should succeed on URL tokens.
+				$this->assertTrue( $processor->set_token_value( 'new.jpg' ) );
+			} else {
+				// Should fail on non-URL tokens.
+				$this->assertFalse( $processor->set_token_value( 'test' ) );
+			}
+		}
+
+		// Verify the update was applied.
+		$updated = $processor->get_updated_css();
+		$this->assertSame( 'color: red; background: url("new.jpg");', $updated );
+	}
+
+	/**
+	 * Tests that set_token_value() properly escapes special characters in quoted URLs.
+	 */
+	public function test_set_token_value_escapes_special_characters(): void {
+		$css       = 'background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				// URL with spaces, quotes, and parentheses.
+				$processor->set_token_value( 'path with spaces("special").jpg' );
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		$this->assertSame( 'background: url("path with spaces(\\22 special\\22 ).jpg");', $updated );
+	}
+
+	/**
+	 * Tests that set_token_value() preserves Unicode characters in quoted URLs.
+	 */
+	public function test_set_token_value_encodes_unicode(): void {
+		$css       = 'background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				// URL with Unicode characters: "测试.jpg" (Chinese characters).
+				$processor->set_token_value( '测试.jpg' );
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		$this->assertSame( 'background: url("测试.jpg");', $updated );
+	}
+
+	/**
+	 * Tests that set_token_value() preserves emoji in quoted URLs.
+	 */
+	public function test_set_token_value_handles_emoji(): void {
+		$css       = 'background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				// URL with emoji: "image😀.jpg".
+				$processor->set_token_value( 'image😀.jpg' );
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		$this->assertSame( 'background: url("image😀.jpg");', $updated );
+	}
+
+	/**
+	 * Tests that multiple URL values can be updated in the same CSS.
+	 */
+	public function test_set_token_value_multiple_urls(): void {
+		$css       = 'background: url(old1.jpg); border-image: url(old2.png);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		$url_count = 0;
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				++$url_count;
+				if ( 1 === $url_count ) {
+					$processor->set_token_value( 'new1.jpg' );
+				} elseif ( 2 === $url_count ) {
+					$processor->set_token_value( 'new2.png' );
+				}
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		// Verify both URLs were updated.
+		$this->assertSame( 'background: url("new1.jpg"); border-image: url("new2.png");', $updated );
+	}
+
+	/**
+	 * Tests that newlines are properly escaped in quoted URLs.
+	 */
+	public function test_set_token_value_escapes_control_characters(): void {
+		$css       = 'background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				// URL with newlines and carriage returns.
+				$processor->set_token_value( "path\nwith\rnewlines\ftest.jpg" );
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		$this->assertSame( 'background: url("path\\A with\\A newlines\\A test.jpg");', $updated );
+	}
+
+	/**
+	 * Tests that backslashes are properly escaped in quoted URLs.
+	 */
+	public function test_set_token_value_escapes_backslashes(): void {
+		$css       = 'background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				$processor->set_token_value( 'path\\with\\backslashes.jpg' );
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		// Verify backslashes are escaped as \\.
+		$this->assertSame( 'background: url("path\\5C with\\5C backslashes.jpg");', $updated );
+	}
+
+	/**
+	 * Tests that get_updated_css() returns original CSS when no changes are made.
+	 */
+	public function test_get_updated_css_returns_original_when_unchanged(): void {
+		$css       = 'background: url(image.jpg); color: red;';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		// Iterate through tokens without making changes.
+		while ( $processor->next_token() ) {
+			// Do nothing.
+		}
+
+		$updated = $processor->get_updated_css();
+
+		// Should return original CSS.
+		$this->assertSame( $css, $updated );
+	}
+
+	/**
+	 * Tests that safe ASCII characters are preserved in quoted URLs.
+	 */
+	public function test_set_token_value_preserves_safe_characters(): void {
+		$css       = 'background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				// URL with safe characters: letters, digits, hyphens, underscores, dots, slashes.
+				$processor->set_token_value( 'path/to/my-image_2024.jpg' );
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		// Verify safe characters are preserved as-is in quoted URL.
+		$this->assertSame( 'background: url("path/to/my-image_2024.jpg");', $updated );
+	}
+
+	/**
+	 * Tests that safe ASCII characters are preserved in quoted URLs.
+	 */
+	public function test_set_token_with_invalid_utf8_sequence(): void {
+		$css       = 'background: url(old.jpg);';
+		$processor = WP_CSS_Token_Processor::create( $css );
+
+		while ( $processor->next_token() ) {
+			if ( WP_CSS_Token_Processor::TOKEN_URL === $processor->get_token_type() ) {
+				// URL with safe characters: letters, digits, hyphens, underscores, dots, slashes.
+				$processor->set_token_value( "\xC0.jpg" );
+			}
+		}
+
+		$updated = $processor->get_updated_css();
+
+		// Invalid UTF-8 sequence is preserved as-is – garbage in, garbage out.
+		$this->assertSame( "background: url(\"\xC0.jpg\");", $updated );
+	}
+
+	/**
+	 * Test bounds check when consuming and ident start token.
+	 */
+	public function test_ident_start_codepoint_bounds_check(): void {
+		$processor       = WP_CSS_Token_Processor::create( '-' );
+		$actual_tokens   = $this->collect_tokens( $processor, array( 'type', 'raw' ) );
+		$expected_tokens = array(
+			array(
+				'type' => WP_CSS_Token_Processor::TOKEN_DELIM,
+				'raw'  => '-',
+			),
+		);
+		$this->assertSame( $expected_tokens, $actual_tokens );
+	}
+}
diff --git a/tests/phpunit/tests/fonts/font-library/wpFontCollection/getData.php b/tests/phpunit/tests/fonts/font-library/wpFontCollection/getData.php
index 97ea664d4867d..96112717b5960 100644
--- a/tests/phpunit/tests/fonts/font-library/wpFontCollection/getData.php
+++ b/tests/phpunit/tests/fonts/font-library/wpFontCollection/getData.php
@@ -177,13 +177,13 @@ public function data_create_font_collection() {
 								'name'       => 'Open Sans',
 								'fontFace'   => array(
 									array(
-										'fontFamily' => 'Open Sans',
+										'fontFamily' => '"Open Sans"',
 										'fontStyle'  => 'normal',
 										'fontWeight' => '400',
 										'src'        => 'https://example.com/src-as-string.ttf?a=',
 									),
 									array(
-										'fontFamily' => 'Open Sans',
+										'fontFamily' => '"Open Sans"',
 										'fontStyle'  => 'normal',
 										'fontWeight' => '400',
 										'src'        => array(
diff --git a/tests/phpunit/tests/fonts/font-library/wpFontUtils/normalizeCssFontFaceFontFamily.php b/tests/phpunit/tests/fonts/font-library/wpFontUtils/normalizeCssFontFaceFontFamily.php
new file mode 100644
index 0000000000000..2470268f3685a
--- /dev/null
+++ b/tests/phpunit/tests/fonts/font-library/wpFontUtils/normalizeCssFontFaceFontFamily.php
@@ -0,0 +1,58 @@
+<?php
+/**
+ * Test WP_Font_Utils::normalize_css_font_face_font_family().
+ *
+ * @package WordPress
+ * @subpackage Font Library
+ *
+ * @group fonts
+ * @group font-library
+ *
+ * @covers WP_Font_Utils::normalize_css_font_face_font_family
+ */
+class Tests_Fonts_WpFontUtils_normalizeCssFontFaceFontFamily extends WP_UnitTestCase {
+	/**
+	 * @ticket TBD
+	 *
+	 * @dataProvider data_provider
+	 */
+	public function test_normalize_css_font_face_font_family( string $input, ?string $expected ): void {
+		$result = WP_Font_Utils::normalize_css_font_face_font_family( $input );
+		$this->assertSame( $expected, $result );
+
+		// Idempotency check.
+		if ( null !== $result ) {
+			$this->assertSame( $result, WP_Font_Utils::normalize_css_font_face_font_family( $result ) );
+		}
+	}
+
+	/**
+	 * Data provider.
+	 */
+	public static function data_provider(): Generator {
+		// Valid CSS font-family
+		yield 'Already normalized' => array( '"Font"', '"Font"' );
+		yield 'Unquoted' => array( 'Font', '"Font"' );
+		yield 'Multiple idents' => array( 'Font Name', '"Font Name"' );
+		yield 'Idents and whitespace normalized' => array( "A\nB\rC\r\nD\tE\fF", '"A B C D E F"' );
+		yield 'Ident escapes normalized' => array( 'F\\o\\n\\74  \\34 2\\21', '"Font 42!"' );
+		yield 'String escapes normalized' => array( '"F\\o\\n\\74  \\"\\34 2\\21\\""', '"Font \\22 42!\\22 "' );
+
+		// Discard excess
+		yield 'String + ident' => array( '"string"strip', '"string"' );
+		yield 'String + number' => array( '"string"0', '"string"' );
+		yield 'String + ,' => array( '"string",', '"string"' );
+		yield 'Ident + ,' => array( 'ident,', '"ident"' );
+
+		// Invalid CSS font-family is treated as a plain string.
+		yield 'Input with stray single quote' => array( "O'er the rainbow", '"O\27 er the rainbow"' );
+		yield 'Input with stray double quote' => array( 'Oop"sie', '"Oop\22 sie"' );
+		yield 'Number' => array( 'Libre Barcode 128 Text', '"Libre Barcode 128 Text"' );
+		yield 'PX unit number' => array( '10px rest', '"10px rest"' );
+		yield '% unit number' => array( '10px rest', '"10px rest"' );
+		yield 'Weird unit number' => array( '20xYz rest', '"20xYz rest"' );
+		yield 'Negative number' => array( '-30deg rest', '"-30deg rest"' );
+		yield 'Positive number' => array( '+40rad rest', '"+40rad rest"' );
+		yield 'Whitespace is trimmed' => array( " \t\n\r\f Oh no 42 \t\f\r\n", '"Oh no 42"' );
+	}
+}
diff --git a/tests/phpunit/tests/fonts/font-library/wpFontUtils/normalizeCssFontFamily.php b/tests/phpunit/tests/fonts/font-library/wpFontUtils/normalizeCssFontFamily.php
new file mode 100644
index 0000000000000..0c1136b70ec54
--- /dev/null
+++ b/tests/phpunit/tests/fonts/font-library/wpFontUtils/normalizeCssFontFamily.php
@@ -0,0 +1,70 @@
+<?php
+/**
+ * Test WP_Font_Utils::normalize_css_font_family().
+ *
+ * @package WordPress
+ * @subpackage Font Library
+ *
+ * @group fonts
+ * @group font-library
+ *
+ * @covers WP_Font_Utils::normalize_css_font_family
+ */
+class Tests_Fonts_WpFontUtils_normalizeCssFontFamily extends WP_UnitTestCase {
+	/**
+	 * @ticket TBD
+	 *
+	 * @dataProvider data_provider
+	 */
+	public function test_normalize_css_font_family( string $input, string $expected ): void {
+		$result = WP_Font_Utils::normalize_css_font_family( $input );
+		$this->assertSame( $expected, $result );
+
+		// Idempotency check — normalizing the result should produce the same result.
+		$this->assertSame( $result, WP_Font_Utils::normalize_css_font_family( $result ), 'Normalization must be idempotent.' );
+	}
+
+	/**
+	 * Data provider.
+	 */
+	public static function data_provider(): Generator {
+		// Single idents.
+		yield 'Simple ident' => array( 'serif', 'serif' );
+		yield 'Hyphenated ident' => array( 'sans-serif', 'sans-serif' );
+		yield 'Custom ident' => array( 'Font', 'Font' );
+		yield 'CamelCase ident' => array( 'MyFont', 'MyFont' );
+		yield 'Ident with underscore' => array( 'My_Font', 'My_Font' );
+		yield 'Ident with backslash escape' => array( 'Font\\\'s', 'Font\\27 s' );
+		yield 'Ident with hex escape' => array( 'F\\6fnt', 'Font' );
+
+		// Multi-ident sequences (each ident normalized, joined by single space).
+		yield 'Two idents' => array( 'Font Name', 'Font Name' );
+		yield 'Three idents' => array( 'Times New Roman', 'Times New Roman' );
+		yield 'Extra whitespace between idents' => array( 'Font  Name', 'Font Name' );
+
+		// Strings (re-encoded via WP_CSS_Builder::string()).
+		yield 'Double-quoted string' => array( '"Font"', '"Font"' );
+		yield 'Double-quoted string with spaces' => array( '"Times New Roman"', '"Times New Roman"' );
+		yield 'Single-quoted string' => array( "'Font'", '"Font"' );
+
+		// generic() function.
+		yield 'generic function' => array( 'generic(fangsong)', 'generic(fangsong)' );
+		yield 'generic function with whitespace' => array( 'generic( fangsong )', 'generic(fangsong)' );
+
+		// Comma-separated lists.
+		yield 'Two generic families' => array( 'serif, sans-serif', 'serif, sans-serif' );
+		yield 'String and generic' => array( '"Times New Roman", serif', '"Times New Roman", serif' );
+		yield 'Idents and generic' => array( 'Times New Roman, serif', 'Times New Roman, serif' );
+		yield 'Whitespace around commas' => array( '  serif  ,  sans-serif  ', 'serif, sans-serif' );
+		yield 'Mixed types' => array( 'serif, "My Font", generic(fangsong)', 'serif, "My Font", generic(fangsong)' );
+		yield 'Escaped ident in list' => array( 'Font\\\'s, serif', 'Font\\27 s, serif' );
+
+		// Invalid inputs — return empty string.
+		yield 'Empty string' => array( '', '' );
+		yield 'Whitespace only' => array( '   ', '' );
+		yield 'Trailing comma' => array( 'serif,', '' );
+		yield 'Leading comma' => array( ',serif', '' );
+		yield 'Double comma' => array( 'serif,,sans-serif', '' );
+		yield 'Empty generic function' => array( 'generic()', '' );
+	}
+}
diff --git a/tests/phpunit/tests/fonts/font-library/wpRestFontFacesController.php b/tests/phpunit/tests/fonts/font-library/wpRestFontFacesController.php
index 19a2a6a86b8b0..0214f4485439f 100644
--- a/tests/phpunit/tests/fonts/font-library/wpRestFontFacesController.php
+++ b/tests/phpunit/tests/fonts/font-library/wpRestFontFacesController.php
@@ -885,7 +885,7 @@ public function data_sanitize_font_face_settings() {
 					'preview'               => "   https://example.com/</style><script>alert('XSS');</script>      ",
 				),
 				'expected' => array(
-					'fontFamily'            => '"Open Sans"',
+					'fontFamily'            => '"Open   Sans\\3C /style\\3E \\3C script\\3E alert(\\27 XSS\\27 )\\3B \\3C /script\\3E "',
 					'fontStyle'             => 'oblique 20deg 50deg',
 					'fontWeight'            => '200',
 					'src'                   => 'https://example.com//stylescriptalert(\'XSS\');/script%20%20%20%20%20%20',