diff --git a/wp-includes/kses.php b/wp-includes/kses.php
index 1aace6c4fa..f1372fbd52 100644
--- a/wp-includes/kses.php
+++ b/wp-includes/kses.php
@@ -2301,13 +2301,24 @@ function safecss_filter_attr( $css, $deprecated = '' ) {
 			}
 		}
 
-		// Remove any CSS containing containing \ ( & } = or comments, except for url() useage checked above.
-		if ( $found && ! preg_match( '%[\\\(&=}]|/\*%', $css_test_string ) ) {
-			if ( '' !== $css ) {
-				$css .= ';';
+		if ( $found ) {
+			/**
+			 * Filters the regex limiting the list of characters not allowed in CSS rules.
+			 *
+			 * Default behaviour is to remove any css containing \ ( & } = or comments, except for url() usage.
+			 *
+			 * @since 5.5.0
+			 *
+			 * @param string $regex           Regex pattern of disallowed characters in CSS rules. Default is '%[\\\(&=}]|/\*%'.
+			 * @param string $css_test_string CSS value to test.
+			 */
+			$disallowed_chars = apply_filters( 'safe_style_disallowed_chars', '%[\\\(&=}]|/\*%', $css_test_string );
+			if ( ! preg_match( $disallowed_chars, $css_test_string ) ) {
+				if ( '' !== $css ) {
+					$css .= ';';
+				}
+				$css .= $css_item;
 			}
-
-			$css .= $css_item;
 		}
 	}
 
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 261a212db4..5479a96f5e 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.5-alpha-47889';
+$wp_version = '5.5-alpha-47891';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.