    We’ve just discovered a bug/issue with entering values into any WP Customizer text box, and with any theme (NOT just Weaver Xtreme).

    Just FYI, so you can see an example of weird things computers can do, here’s a copy of my official bug report to WordPress:

    Customizer Save & Publish fails if /*SQL-COMMAND in text box (only on some hosts)

    On SOME hosts, the Customizer “Save & Publish” fails if text with “/*SQL-COMMAND” is included in any text box with apparently any theme.

    For example, on an appropriate hosting company, activate TwentySixteen. Open the Customize : Site Identity tab, and enter a value into the Tagline box (or really, any text box will do). Then try Save & Publish. Normally this will work. BUT, if the string is something like /*insert or /*delete or any other SQL command I tried, the string will show in the preview window, but Save & Publish does not work, and the value is not saved in the settings.

    I could only test this on a limited number of hosts, including a couple of different BlueHost shared hosting boxes, and a GreenGeeks box. The issue does NOT show on a BlueHost VPS box, nor my Mac MAMP dev system.

    I looked at whatever I could, but could not nail down just where/who was causing the issue. This is possibly not a WP bug, but is still a real issue as plenty of users have cheap hosts like BlueHost or GreenGeeks, so I think it needs to be addressed.

    I would suspect some kind of failed attempt on the hosting configuration to stop SQL injection attacks, but who knows.

    If you’re wondering how we found this, @scramber was working on some Custom CSS rules, and had added a CSS comment “/* Insert styling rules for HTML section */”, and the CSS would not save from the customizer. So this is a real-world example of a totally legitimate value to enter into a CSS box that breaks the Customizer on some hosting companies.
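
An added example, not part of the original post or bug report: a JavaScript check that scans Custom CSS for the pattern the report describes (a `/*` followed by an SQL command word), so the text can be flagged before Save & Publish is attempted on an affected host. The keyword list beyond `insert` and `delete`, the whole-word and optional-whitespace matching, and all function and variable names are assumptions.

```javascript
// Added example: flag text that opens a comment with an SQL command word.
// Assumption: only "insert" and "delete" are named in the report; the other
// words stand in for "any other SQL command I tried".
const SQL_WORDS = ["insert", "delete", "select", "update", "drop", "union", "alter", "create"];

// "/*", optional whitespace, then one command word as a whole word.
// Case-insensitive because the real-world trigger was "/* Insert styling ...".
const RISKY_COMMENT = new RegExp("/\\*\\s*(" + SQL_WORDS.join("|") + ")\\b", "gi");

// Scans the raw text rather than parsed CSS: the report says any text box is
// affected, so the position of the string inside the value does not matter.
function findRiskyComments(text) {
  const hits = [];
  for (const m of text.matchAll(RISKY_COMMENT)) {
    // 1-based line number of the match, for pointing the user at the comment.
    const line = text.slice(0, m.index).split("\n").length;
    hits.push({ line, word: m[1].toLowerCase(), text: m[0] });
  }
  return hits;
}

// Builds the warning a settings form could show instead of failing silently.
function describeHits(hits) {
  return hits.map(h =>
    `line ${h.line}: "${h.text}" starts a comment with SQL word "${h.word}"`);
}

// Constructed sample input; line 3 is the comment quoted in the post.
const SAMPLE_CSS = [
  "/* Header colors */",
  ".site-title { color: #333; }",
  "/* Insert styling rules for HTML section */",
  ".html-section { margin: 0; }",
  "/*delete old rules later*/",
  "/* Inserted by the theme */",
].join("\n");

console.log(describeHits(findRiskyComments(SAMPLE_CSS)).join("\n"));
```

Whether a given host also rejects partial-word matches such as "Inserted" is not established by the report, so treat a clean result as a hint rather than a guarantee.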

