The Shortcode API is well loved by developers. Thousands of plugins use it for many cool features.
Unfortunately it wasn’t documented well when it was added. Even now the documentation is somewhat incomplete. The API was also very permissive, allowing many unintended user cases.
The result of these early mistakes is that there are plugins which use shortcodes in very unintended ways: mixed with HTML tags, nested several levels deep, with huge attributes, etc.
What are shortcodes:
- With one word: placeholders.
- Convenient way to add dynamic content inside
post_contentat run time.
What shortcodes are not:
- A way to conceal user input in
- A way to store any type of data in
post_content. There are better places and methods for that, like post meta.
Shortcodes “live” in the same context as HTML tags. They should obey the same rules. Also — no interlinking between HTML tags and shortcodes. Think of the
] being equal to
<p title="<b>my title</b>"> and
[paragraph title="<b>my title</b>"] should be illegal for the same reasons. Also
<p title="[my-span]">. I know the current shortcodes parser mostly supports these, and some plugins use them, but that will probably need to change “for the greater good”.
There is simply no good reason for trying to support mixing of shortcodes and tags with the current parser. These cases take longer time and more resources on every front-end page load. They require much more complex code to sanitize and ensure they are safe to run. If plugins cannot operate without mixing shortcodes and HTML tags, they will eventually have to implement their own placeholders and parsers, and ensure all data is sanitized properly. This will require a lot less time, effort and processing as the plugins would know what to expect.
We’ve been talking about this with @miqrogroove for a while now. There are several very interesting suggestions in his post on the subject:
We both agree that we need to create shortcodes roadmap, similar to the taxonomy roadmap. This will allow us to fix the shortcomings in the Shortcode API and clear the path for future improvements.