diff --git a/bin/amphtml-update.py b/bin/amphtml-update.py
index 16915981377..302bd93b294 100755
--- a/bin/amphtml-update.py
+++ b/bin/amphtml-update.py
@@ -76,7 +76,10 @@ def GenValidatorProtoascii(validator_directory, out_dir):
 	"""
 	logging.info('entering ...')
 
-	protoascii_segments = [open(os.path.join(validator_directory, 'validator-main.protoascii')).read()]
+	protoascii_segments = [
+		open(os.path.join(validator_directory, 'validator-main.protoascii')).read(),
+		open(os.path.join(validator_directory, 'validator-css.protoascii')).read()
+	]
 	extensions = glob.glob(os.path.join(validator_directory, '../extensions/*/validator-*.protoascii'))
 	extensions.sort()
 	for extension in extensions:
@@ -445,10 +448,12 @@ def GetTagSpec(tag_spec, attr_lists):
 			if isinstance(field_value, (unicode, str, bool, int)):
 				cdata_dict[ field_descriptor.name ] = field_value
 			elif isinstance( field_value, google.protobuf.pyext._message.RepeatedCompositeContainer ):
-				cdata_dict[ field_descriptor.name ] = {}
+				cdata_dict[ field_descriptor.name ] = []
 				for value in field_value:
+					entry = {}
 					for (key,val) in value.ListFields():
-						cdata_dict[ field_descriptor.name ][ key.name ] = val
+						entry[ key.name ] = val
+					cdata_dict[ field_descriptor.name ].append( entry )
 			elif hasattr( field_value, '_values' ):
 				cdata_dict[ field_descriptor.name ] = {}
 				for _value in field_value._values:
@@ -482,10 +487,11 @@ def GetTagSpec(tag_spec, attr_lists):
 				cdata_dict['css_spec'] = css_spec
 		if len( cdata_dict ) > 0:
 			if 'blacklisted_cdata_regex' in cdata_dict:
-				if 'error_message' not in cdata_dict['blacklisted_cdata_regex']:
-					raise Exception( 'Missing error_message for blacklisted_cdata_regex.' );
-				if cdata_dict['blacklisted_cdata_regex']['error_message'] not in ( 'CSS !important', 'contents', 'html comments' ):
-					raise Exception( 'Unexpected error_message "%s" for blacklisted_cdata_regex.' % cdata_dict['blacklisted_cdata_regex']['error_message'] );
+				for entry in cdata_dict['blacklisted_cdata_regex']:
+					if 'error_message' not in entry:
+						raise Exception( 'Missing error_message for blacklisted_cdata_regex.' );
+					if entry['error_message'] not in ( 'contents', 'html comments', 'CSS i-amphtml- name prefix' ):
+						raise Exception( 'Unexpected error_message "%s" for blacklisted_cdata_regex.' % entry['error_message'] );
 			tag_spec_dict['cdata'] = cdata_dict
 
 	if 'spec_name' not in tag_spec_dict['tag_spec']:
@@ -674,6 +680,13 @@ def GetAttrs(attrs):
 
 		if value_dict is not None:
 
+			# Skip rules for dev mode attributes since the AMP plugin will allow them to pass through.
+			# See <https://github.com/ampproject/amphtml/pull/27174#issuecomment-601391161> for how the rules are
+			# defined in a way that they can never be satisfied, and thus to make the attribute never allowed.
+			# This runs contrary to the needs of the AMP plugin, as the internal sanitizers are built to ignore them.
+			if 'data-ampdevmode' == attr_spec.name:
+				continue
+
 			# Normalize bracketed amp-bind attribute syntax to data-amp-bind-* syntax.
 			name = attr_spec.name
 			if name[0] == '[':
diff --git a/includes/sanitizers/class-amp-allowed-tags-generated.php b/includes/sanitizers/class-amp-allowed-tags-generated.php
index bca40da77a6..118cc5c1c12 100644
--- a/includes/sanitizers/class-amp-allowed-tags-generated.php
+++ b/includes/sanitizers/class-amp-allowed-tags-generated.php
@@ -13,7 +13,7 @@
  */
 class AMP_Allowed_Tags_Generated {
 
-	private static $spec_file_revision = 1012;
+	private static $spec_file_revision = 1028;
 	private static $minimum_validator_revision_required = 375;
 
 	private static $descendant_tag_lists = array(
@@ -566,6 +566,7 @@ class AMP_Allowed_Tags_Generated {
 								'bbmi',
 								'chrome',
 								'itms-services',
+								'facetime',
 								'fb-me',
 								'fb-messenger',
 								'feed',
@@ -4070,6 +4071,7 @@ class AMP_Allowed_Tags_Generated {
 							'allow_relative' => true,
 							'protocol' => array(
 								'https',
+								'amp-state',
 							),
 						),
 					),
@@ -5784,6 +5786,9 @@ class AMP_Allowed_Tags_Generated {
 		'amp-story-grid-layer' => array(
 			array(
 				'attr_spec_list' => array(
+					'aspect-ratio' => array(
+						'value_regex' => '\\d+:\\d+',
+					),
 					'position' => array(
 						'value' => array(
 							'landscape-half-left',
@@ -8973,7 +8978,14 @@ class AMP_Allowed_Tags_Generated {
 		),
 		'html' => array(
 			array(
-				'attr_spec_list' => array(),
+				'attr_spec_list' => array(
+					'data-amp-autocomplete-opt-in' => array(
+						'blacklisted_value_regex' => 'false',
+						'value' => array(
+							'false',
+						),
+					),
+				),
 				'tag_spec' => array(
 					'mandatory' => true,
 					'mandatory_parent' => '!doctype',
@@ -11941,8 +11953,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'contents',
-						'regex' => '.',
+						array(
+							'error_message' => 'contents',
+							'regex' => '.',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -11982,8 +11996,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'contents',
-						'regex' => '.',
+						array(
+							'error_message' => 'contents',
+							'regex' => '.',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12007,8 +12023,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12034,8 +12052,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12056,8 +12076,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12274,8 +12296,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12482,8 +12506,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12568,8 +12594,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12743,8 +12771,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -12858,8 +12888,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 					'max_bytes' => 100000,
 					'max_bytes_spec_url' => 'https://amp.dev/documentation/components/amp-bind#state',
@@ -13127,8 +13159,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -13394,8 +13428,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 					'max_bytes' => 15000,
 					'max_bytes_spec_url' => 'https://amp.dev/documentation/components/amp-experiment#configuration',
@@ -13719,8 +13755,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -14315,8 +14353,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -14592,8 +14632,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -15164,8 +15206,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 					'max_bytes' => 10000,
 					'max_bytes_spec_url' => 'https://amp.dev/documentation/components/amp-script#faq',
@@ -15462,8 +15506,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -15507,6 +15553,7 @@ class AMP_Allowed_Tags_Generated {
 			),
 			array(
 				'attr_spec_list' => array(
+					'nonce' => array(),
 					'type' => array(
 						'dispatch_key' => 3,
 						'mandatory' => true,
@@ -15537,8 +15584,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -15564,8 +15613,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 					'max_bytes' => 15000,
 					'max_bytes_spec_url' => 'https://amp.dev/documentation/components/amp-experiment#configuration',
@@ -15625,8 +15676,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -15714,8 +15767,10 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'html comments',
-						'regex' => '<!--',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
 					),
 				),
 				'tag_spec' => array(
@@ -16606,8 +16661,14 @@ class AMP_Allowed_Tags_Generated {
 				),
 				'cdata' => array(
 					'blacklisted_cdata_regex' => array(
-						'error_message' => 'CSS !important',
-						'regex' => '!\\s*important',
+						array(
+							'error_message' => 'html comments',
+							'regex' => '<!--',
+						),
+						array(
+							'error_message' => 'CSS i-amphtml- name prefix',
+							'regex' => '(^|\\W)i-amphtml-',
+						),
 					),
 					'css_spec' => array(
 						'allowed_at_rules' => array(
@@ -18238,6 +18299,7 @@ class AMP_Allowed_Tags_Generated {
 	private static $layout_allowed_attrs = array(
 		'data-amp-bind-height' => array(),
 		'data-amp-bind-width' => array(),
+		'disable-inline-width' => array(),
 		'height' => array(),
 		'heights' => array(),
 		'layout' => array(),
diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index 6e88f80ba50..6c9cd9e504b 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -44,7 +44,7 @@ class AMP_Tag_And_Attribute_Sanitizer extends AMP_Base_Sanitizer {
 	const DUPLICATE_UNIQUE_TAG                 = 'DUPLICATE_UNIQUE_TAG';
 	const MANDATORY_CDATA_MISSING_OR_INCORRECT = 'MANDATORY_CDATA_MISSING_OR_INCORRECT';
 	const CDATA_TOO_LONG                       = 'CDATA_TOO_LONG';
-	const INVALID_CDATA_CSS_IMPORTANT          = 'INVALID_CDATA_CSS_IMPORTANT';
+	const INVALID_CDATA_CSS_I_AMPHTML_NAME     = 'INVALID_CDATA_CSS_I_AMPHTML_NAME';
 	const INVALID_CDATA_CONTENTS               = 'INVALID_CDATA_CONTENTS';
 	const INVALID_CDATA_HTML_COMMENTS          = 'INVALID_CDATA_HTML_COMMENTS';
 	const JSON_ERROR_CTRL_CHAR                 = 'JSON_ERROR_CTRL_CHAR';
@@ -922,21 +922,23 @@ private function validate_cdata_for_node( DOMElement $element, $cdata_spec ) {
 			];
 		}
 		if ( isset( $cdata_spec['blacklisted_cdata_regex'] ) ) {
-			if ( preg_match( '@' . $cdata_spec['blacklisted_cdata_regex']['regex'] . '@u', $element->textContent ) ) {
-				if ( isset( $cdata_spec['blacklisted_cdata_regex']['error_message'] ) ) {
-					// There are only a few error messages, so map them to error codes.
-					switch ( $cdata_spec['blacklisted_cdata_regex']['error_message'] ) {
-						case 'CSS !important':
-							return [ 'code' => self::INVALID_CDATA_CSS_IMPORTANT ];
-						case 'contents':
-							return [ 'code' => self::INVALID_CDATA_CONTENTS ];
-						case 'html comments':
-							return [ 'code' => self::INVALID_CDATA_HTML_COMMENTS ];
+			foreach ( $cdata_spec['blacklisted_cdata_regex'] as $blacklisted_cdata_regex ) {
+				if ( preg_match( '@' . $blacklisted_cdata_regex['regex'] . '@u', $element->textContent ) ) {
+					if ( isset( $blacklisted_cdata_regex['error_message'] ) ) {
+						// There are only a few error messages, so map them to error codes.
+						switch ( $blacklisted_cdata_regex['error_message'] ) {
+							case 'CSS i-amphtml- name prefix':
+								return [ 'code' => self::INVALID_CDATA_CSS_I_AMPHTML_NAME ]; // @todo This really should be done as part of the CSS sanitizer.
+							case 'contents':
+								return [ 'code' => self::INVALID_CDATA_CONTENTS ];
+							case 'html comments':
+								return [ 'code' => self::INVALID_CDATA_HTML_COMMENTS ];
+						}
 					}
-				}
 
-				// Note: This fallback case is not currently reachable because all error messages are accounted for in the switch statement.
-				return [ 'code' => self::CDATA_VIOLATES_BLACKLIST ];
+					// Note: This fallback case is not currently reachable because all error messages are accounted for in the switch statement.
+					return [ 'code' => self::CDATA_VIOLATES_BLACKLIST ];
+				}
 			}
 		} elseif ( isset( $cdata_spec['cdata_regex'] ) ) {
 			$delimiter = false === strpos( $cdata_spec['cdata_regex'], '@' ) ? '@' : '#';
diff --git a/includes/validation/class-amp-validation-error-taxonomy.php b/includes/validation/class-amp-validation-error-taxonomy.php
index 8a6501b67cd..ae2e704d461 100644
--- a/includes/validation/class-amp-validation-error-taxonomy.php
+++ b/includes/validation/class-amp-validation-error-taxonomy.php
@@ -3042,7 +3042,7 @@ public static function get_error_title_from_code( $validation_error ) {
 			case AMP_Tag_And_Attribute_Sanitizer::CDATA_TOO_LONG:
 			case AMP_Tag_And_Attribute_Sanitizer::MANDATORY_CDATA_MISSING_OR_INCORRECT:
 			case AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_HTML_COMMENTS:
-			case AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_CSS_IMPORTANT:
+			case AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_CSS_I_AMPHTML_NAME:
 			case AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_CONTENTS:
 			case AMP_Tag_And_Attribute_Sanitizer::CDATA_VIOLATES_BLACKLIST:
 				return esc_html__( 'Illegal text content', 'amp' );
diff --git a/tests/php/test-tag-and-attribute-sanitizer.php b/tests/php/test-tag-and-attribute-sanitizer.php
index 4c4856e8554..5e15b0d2e39 100644
--- a/tests/php/test-tag-and-attribute-sanitizer.php
+++ b/tests/php/test-tag-and-attribute-sanitizer.php
@@ -2143,7 +2143,7 @@ static function() {
 
 			'amp-script-5'                                 => [
 				'
-					<amp-script script="myScript" layout="container"></amp-script>
+					<amp-script script="myScript" layout="container" data-ampdevmode></amp-script>
 					<script type="text/plain" target="amp-script" id="myScript">
 					document.body.textContent += \'Hello world!\';
 					</script>
@@ -2452,6 +2452,11 @@ static function() {
 				null,
 			],
 
+			'disable-inline-width'                         => [
+				'<amp-img layout="intrinsic" height="160" width="480" disable-inline-width src="https://example.com/elva-fairy-800w.jpg" srcset="https://example.com/elva-fairy-480w.jpg 480w, https://example.com/elva-fairy-800w.jpg 800w" sizes="(max-width: 600px) 480px, 800px"></amp-img>',
+				null,
+			],
+
 			'amp-inline-gallery'                           => [
 				'
 				<amp-inline-gallery layout="container">
@@ -2970,11 +2975,17 @@ public function get_html_data() {
 					],
 				],
 			],
-			'cdata_css_important'                     => [
-				'<html amp><head><meta charset="utf-8"><style amp-custom>body { outline: solid 1px red !important; }</style></head><body></body></html>',
+			'cdata_css_i_amphtml_name'                => [
+				'<html amp><head><meta charset="utf-8"><style amp-custom>i-amphtml-scroll-container { outline: solid 1px red; }</style></head><body></body></html>',
 				'<html amp><head><meta charset="utf-8"></head><body></body></html>',
 				[],
-				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_CSS_IMPORTANT ],
+				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_CSS_I_AMPHTML_NAME ],
+			],
+			'cdata_css_html_comment'                  => [
+				'<html amp><head><meta charset="utf-8"><style amp-custom>/* <!-- not good --> */</style></head><body></body></html>',
+				'<html amp><head><meta charset="utf-8"></head><body></body></html>',
+				[],
+				[ AMP_Tag_And_Attribute_Sanitizer::INVALID_CDATA_HTML_COMMENTS ],
 			],
 			'cdata_contents_bad_comment'              => [
 				'<html><head><meta charset="utf-8"><script type="application/ld+json"><!--{"@context":"http:\/\/schema.org"}--></script></head><body></body></html>',