Dev Chat Summary: May 29th, 2019


@chanthaboune announced that since 5.2 has been successfully released, work will be resuming on the Team Leadership training. A blog post on will be published for anyone wanting to help review the training materials or otherwise indicate they are interested in learning more about how leads lead in WordPress.

WordPress 5.2.2 Updates

5.2.2 co-lead @marybaum updated the agenda with the following proposed dates for bug scrubs and releases:

Bug Scrub: Wednesday, May 29, 2019, 14:00 UTC
Bug Scrub: Thursday, May 30, 2019, 18:00 UTC
Release Candidate 1: Monday, June 3, 2019, 19:00 UTC
Bug Scrub: Thursday, June 6, 2019, 20:00 UTC
Release Candidate 2: Monday, June 10, 2019, 16:00 UTC
Final Release: Thursday, June 13, 2019, 16:00 CDT

Special thanks to @desrosj, @karmatosed, and @audrasjb who led bug scrubs in the past week!

Finally, requesting release packagers be available for the scheduled RC1 release on Monday, June 3, 2019.

WordPress 5.3 Updates

Owners of tickets currently milestoned for 5.3 are encouraged to triage them appropriately. If, as a ticket owner, you are unable to volunteer any time to your tickets in this cycle, please unassign yourself. I’d much rather know for sure that I have spots to fill/tickets to move than let anyone feel unnecessary guilt.

A few components are still assessing potential features to focus on. Once those are settled and focus leads have volunteered, then a finalized timeline for the release can be set. A mid- to late-August timeframe was hoped for, but maintainers were clear that expected features/focuses should be decided upon before more firmly committing to a final timeline. There’s no official, rigid requirement of an August release of WordPress 5.3.

@spacedmonkey asked if any key features have been announced for 5.3. @chanthaboune indicated that nothing is solid yet, and more confidence from maintainers about features that can reasonably completed for 5.3 is needed.

@spacedmonkey also inquired about what Gutenberg features should be expected for 5.3. @aduth pointed to a previous #core-editor chat that laid out the expected goals for Gutenberg updates in 5.3.

One of the aforementioned goals was a navigation block in Gutenberg. @spacedmonkey asked whether the new block will use existing menus from WordPress core. This spawned some debate between contributors about how menu data should be stored and the various admin interfaces used to interact with them. No decisions were made, and continuing discussion is encouraged on the relevant tickets at and See the Slack conversation for more of the debate.

Updates from component maintainers

Tickets were to be discussed, but time ran short, so they are included here for some additional visibility.


General Announcements and Open Floor

@sergey asked to open a conversation around changing the invalid and worksforme ticket resolutions in Trac to something more neutral and less confusing for users. The suggested change is: invalidnot-applicable and worksformenot-reproducible. @chanthaboune suggested a Make post for that discussion to allow for a more in-depth discussion.

@desrosj raised a flag for the current, expected size of the upcoming 5.2.2 release. At the time of the chat, there were only 13 tickets in the milestone. Based on past precedent, the release seems to be a bit under the threshold of what usually warrants a minor release. No decision was made, and a make/core post will be created to prompt more discussion of the topic.

Finally, @xkon announced that #core-privacy code has been split into its own files, adhering more to the WordPress Coding Standards and helping with maintainability. Given the better code organization/separation of concerns, now’s a good time to get involved with #core-privacy.

Thanks to all the attendees and everyone else that contributes to WordPress! These notes were taken by @davidbaumwald and proofread by @chanthaboune.

#5-2-2, #5-3#devchat#summary

#core-privacy April update

This is a cumulative update for #core-privacy office hours and bug scrubs held in April 2019.

Office hours are held every Wednesday at 19:00 UTC in the #core-privacy channel on Making WordPress Slack. Bug scrubs are Mondays at 15:00 UTC.

5.2 release

5.2 has been a monumental team effort by core-privacy. The team has shipped all 24 of its tickets earmarked for the release. These included 15 bugfixes and 9 enhancements.

Special props go to @garrett-eclipse for being the driving force behind the team’s 5.2 ticket success.

The “biggest win” was #44005, introducing the new privacy policy page helpers.

General fixes include:

#46098 – The Privacy Policy guide help notice is now displayed on both the classic editor and the block editor.

#44707 – Users are now able to make additional requests when identical previous requests are in a complete or archived state.

#44644 – The ‘Download Personal Data’ admin action no longer triggers a completion of the request.

Also in 5.2 some privacy nags were removed; post-4.9.6, these notifications had served their purpose:

#45999 – Remove the Privacy Pointer

#46819 – Remove the Privacy Bubble

Some i18N-Privacy wins were:

#44721 – The Personal Data Erasure Fulfillment email is now in the User’s Locale

#46056 – The Personal Data Export email is now in the User’s Locale

Tickets shipped since the March team update included #44175, #44644, #44047, #46819, and #46098. Props @knutsp, @desrosj, @joshuawold, @birgire, @mechter, @subrataemfluence, @xkon, @saimonh, @audrasjb, @dejliglama, @ianbelanger, @iandunn, @pento, @sergeybiryukov.

@earnjam wrote a post in Make/Core on the developer-focused privacy updates in 5.2.

@williampatton wrote a dev note in Make/Themes on the new privacy policy page helpers coming in 5.2.

5.3: export and erasure

For 5.3, @xkon would like the team to focus on finalising all outstanding issues with export and erasure requests. @audrasjb has given @xkon access to his repo for the front-end forms for export and erasure, with a view to using this as our first team feature plugin. (#44013)

5.3: privacy notice updates

The team has discussed #44538, #44669, #46687 as an opportunity for collaboration with the #design team.

Plugin privacy audit

@idea15 has finished writing beta version 1 of the plugin privacy audit workflow, with the help of feedback from many team members and plugin developers. Please feel free to test the workflow on your plugin and provide the team with feedback in #core-privacy.

WordCamp Europe

@idea15 has signed up for a slot for the team at the WP Cafe at WCEU. This will be a friendly hangout and chat space with no set agenda.

As with last year, #core-privacy will have a team table at the WCEU contributor day. As with last year, @idea15 @xkon @pputzer @postphotos will take turns secretly disconnecting the wi-fi.

Cross-project privacy cooperation

Members of the #core-privacy team who participate in the cross-project privacy initiative will be participating in the Mozilla Global Sprint in May to standardise file formats for data portability exports and imports across our CMSes, and to identify the export and import functionality which may need to be created within each project. All are welcome to join in. Dates TBC.

Conference talks

New on WPTV:

@rhyswynne at WordCamp Edinburgh 2018: How to integrate the 4.9.6 privacy features into your plugin

@mainplus at WordCamp Belfast 2018: Follow the data

@riankinney at WordCamp Rome 2018: The differences between U.S. and EU privacy law

New talks:

@idea15 participated remotely in a privacy BOF at Drupalcon Seattle on behalf of the #core-privacy team.

@pputzer gave an outstanding talk at WordCamp Vienna on 27 April focusing on active #core-privacy tickets from a developer/site owner perspective. The slides are available here.

Other matters:

@javorszky started a review of the privacy policies which is currently active and available for discussion & review here.

Developer Focused Privacy Updates in 5.2

WordPress 5.2 brings several improvements for developers working with Privacy Policy pages and data exports.

New Privacy Policy Page Helpers

Four new features have been added to make customizing and designing the Privacy Policy page easier:

  • A new function, is_privacy_policy(), can be used in conditionals to identify whether the current $wp_query is for the Privacy Policy page.
  • A new theme template file, privacy-policy.php, is used for rendering the page assigned as the Privacy Policy.
  • .privacy-policy has been added as a body class and is inserted when the currently rendered page is the Privacy Policy page.
  • .menu-item-privacy-policy has been added as a menu item class to specify the menu link that points to the Privacy Policy page.

Backwards Compatibility

The only backwards compatibility concern with using these new helpers is with the is_privacy_policy() function, which would trigger a Call to undefined function fatal error.

Themes and plugins that would like to support the is_privacy_policy() function in older versions of WordPress can use the following shim:

if ( ! function_exists( 'is_privacy_policy' ) ) {
    function is_privacy_policy() {
        return get_option( 'wp_page_for_privacy_policy' ) && is_page( get_option( 'wp_page_for_privacy_policy' ) );

For more information, see #44005.

Loosened Tag Restrictions in User Data Exports

User Data exports no longer use a hardcoded list of allowed tags, limited to just <a> and <br>. They will now use the default list of allowed tags in wp_kses().

Furthermore, the code facilitating the export now passes a personal_data_export context to wp_kses(), so that the allowed tags and attributes can be filtered using the wp_kses_allowed_html filter and checking for the personal_data_export context.

Here’s a filter example that adds support for the <sub> and <sup> tags to the personal data export:

function prefix_allowed_html_filter( $allowedtags, $context ) {
	// Only target personal data export.
	if ( 'personal_data_export' !== $context ) {
		return $allowedtags;

	// Add support for the sub tag.
	if ( ! isset( $allowedtags['sub'] ) ) {
		$allowedtags['sub'] = array();

	// Add support for the sup tag.
	if ( ! isset( $allowedtags['sup'] ) ) {
		$allowedtags['sup'] = array();

	return $allowedtags;
add_filter( 'wp_kses_allowed_html', 'prefix_allowed_html_filter', 2, 10);

For more information, check out the documentation for the wp_kses_allowed_html filter.

See: #44044

#5-2, #core-privacy, #dev-notes, #privacy, #themes

#Core-privacy March update

This is a cumulative update for #core-privacy office hours and bug scrubs held in March 2019.

Office hours are held every Wednesday at 19:00 UTC in the #core-privacy channel on Making WordPress Slack. Bug scrubs are Mondays at 1600 UTC.

We have welcomed several new members into our channel, and were also delighted to welcome back @xkon and @javorszky 🙂

Ticket and bug scrub update

The team has shipped all of its enhancements for the 5.2 release: #44005, #44044, #44707, #44761, #44822, #44833, #44901, #45136, #45999, #46041, #46254, #46369, #43438, #44233, and #44876.

Props @desrosj, @birgire, @garrett-eclipse, @tz-media, @xkon, @cc0a, @itowhid06, @mmuhsin, @arena, @duckdagobert, @dejliglama, @afercia, @mukesh27, @iandunn, @pbiron, @allendav, @azaozz, @jesperher, @davidbinda, @ocean90, @mikejolley, @Clorith, @pento, @ianbelanger, @jplojohn, @joostdevalk

The remaining 5.2 work will focus on resolving a few bugs which reside outside of the component but have a privacy feature. These are the two i18n issues affecting privacy notifications (#44721 and #46056) and an improvement (#37782) to the Menus which introduces the Privacy Policy page as an important page in the list.

@garrett-eclipse worked with Meta to update the Privacy Policy to link to the Data Erasure Request page (meta: 4223) and remove Quantcast verbiage (meta: 4216), and to start work on introducing the Data Export Request page (meta: 4224).

The team has begun to flag privacy-related tickets which should be built as feature plugins with the `feature-plugin` manual tag.

V2 Roadmap

The team’s 2019 roadmap has been published to Make. @postphotos wrote a blog post on Make announcing its publication and explaining how the team has structured the plan.

Github repo

@postphotos has gained admin access to the Github repo which we used for the V1 GDPR phase of our work. It has had no updates since 17 May of last year.

The team will now begin actively using the Github repo. The #core-privacy component maintainers have been given owner access to use it to build the feature plugins detailed in the V2 roadmap.

The existing pages on the repo from the V1 GDPR phase of the team’s existence will be retained on the repo and archived for reference.

Conference talks

  • Chris Wiegman – How to Improve Privacy of Your Site for You & Your Users at WordCamp Miami
  • Panel: What you need to know about Privacy and Security in 2019 at WordCamp Miami (no video yet)
  • Regina Dubinska y Jordi Sala: RGPD en la empresa y en WordPress at WordCamp Barcelona

Cross-project privacy cooperation

Please review and comment on the draft plugin privacy audit workflow drafted by @idea15 and Achilleas from the Joomla! privacy team.

The cross-privacy group will be participating in the Mozilla Open Leaders global sprint in May. It is essentially a virtual contributor day or days focused on something over and above the usual ticket scrubs and doc updates. The #core-privacy team participants should brainstorm something fun to do in cooperation with the Drupal, Joomla, and Umbraco privacy teams to advance global internet health.


Core Privacy’s 2019 Roadmap Published

We are super excited and proud to announce the #core-privacy team’s V2 Roadmap, which was published last week.

  • We’ve worked through the roadmap for the past few months, focusing on building for general privacy enhancements rather than specific legal obligations.
  • We intend to enhance our existing tools (the Privacy Policy generator, export tool, and the erasure tool we built for the V1 GDPR phase) while also developing extended support for things like Embed Privacy Controls and WP-CLI support. We are, of course, keeping an eye on legal developments in the privacy sphere to learn what tools and enhancements we’ll need to build a little later on as the needs change.
  • Where possible, we’ll work to build out plugins first, in order to make development easier for features, and then offer them as a merge to Core.

Let us know what you think of our roadmap! Share your feedback in the #core-privacy Slack channel.

As a friendly reminder, we are always looking for new contributors to our great little team. You can find our open Trac tickets here. We have bug scrubs on Mondays at 1600 UTC and we meet for office hours on Wednesdays at 19:00 UTC.


#core-privacy Office Hours Agenda – 27 February 2019

The following is the agenda for the core-privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy channel on Making WordPress Slack.

Current items

Ticket and bug scrub update

V2 roadmap

  • Finalise and publish to Make
  • Identify work for feature plugins, including GDPR Request Form for a Gutenberg block (see #44013)

V1 repo housekeeping (Github)

Standing Items

Recent and upcoming WordCamp/conference privacy talks

Cross-CMS privacy working group report


#core-privacy Office Hours Minutes – 13 February 2019

The following is a summary of the weekly core-privacy office hours held on 13 February 2019. Weekly privacy office hours are held every Wednesday at 19:00 UTC. A full transcript can be found here in the #core-privacy channel in the Make WordPress Slack.

Participants: @desrosj @dejliglama @idea15 @pepe @lakenh @chriscct7 @postphotos

Admin pointers

@desrosj has created a patch (#45999) to remove the admin pointers for the privacy features which were added in 4.9.6. The attendees agreed that the pointers’ usefulness peaked around the GDPR deadline time when the features were new, but they are no longer necessary.

Workplan for 5.2

The team agreed ten tickets to focus on for release 5.2, all of which are bugfixes or enhancements of existing tools.

The bug scrub for Monday 25 February will focus on 5.2 tickets, and the bug scrub for Monday 4 March will focus on component tickets marked awaiting review.

Component roadmap

@desrosj and @dejliglama have cleaned up the draft roadmap for the component’s work in 2019. The group will finalise all outstanding issues on the roadmap during office hours on Wednesday 20 February, and will post the final roadmap to Make.

Candidates for feature plugins

The roadmap process has included discussions of which new features would be best delivered as plugins. These include embed privacy controls, WP-CLI support, multisite support, and Gutenberg blocks for data export and erasure requests.

Google Fonts

In response to privacy and performance concerns about Google Fonts (#46169, #46170), @pepe is creating a proof of concept patch to add a customizer option to disable Google Fonts for the older (pre-Twenty Nineteen) default themes.

Upcoming WordCamp/conference privacy talks

Cross-CMS privacy working group report

The cross-project privacy team is creating a draft workflow to audit project plugins, modules, and extensions for best privacy practice. The workflow is designed to be adapted to each project’s specific needs. Please review and comment on the first draft.


#core-privacy Office Hours Agenda – 6 February 2019

The following is the agenda for the core-privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy channel on Making WordPress Slack.

Current items

  • Discuss removing the admin pointers for privacy features added in 4.9.6
  • Plan work for 5.2
  • Status update on component roadmap
  • Candidates for feature plugins
  • Discuss options for handling Google Fonts in the editor (#46169) and on older default themes (#46170)

Standing Items

  • Upcoming WordCamp/conference privacy talks
  • Cross-CMS privacy working group report


(6 February meeting not held due to lack of participants – agenda moved to next week.)

Privacy Office Hour Notes: January 30, 2019

The following is a summary of the weekly Privacy office hours that occurred on January 30, 2019. Weekly privacy office hours are held every Wednesday at 19:00 UTC. A full transcript can be found here in the #core-privacy room in the Make WordPress Slack.

Attendees: @desrosj, @idea15, @garrett-eclipse, @dejliglama.

Here are the highlights of the meeting:


The items in the latest roadmap revision were discussed and reprioritized. Because of uncertainty with upcoming laws, existing items should be worked on until around the time of WCEU. The priorities were reorganized into the following order:

  • Core Feature Privacy (things already in Core)
  • Gravatar Privacy Controls
  • Embed Privacy Controls
  • Gutenberg Blocks
  • WP-CLI Support
  • Multisite Support

All other items were moved to the back burner.

Roadmap update will soon be published on

Other Items/Open Floor

  • @dejliglama was officially championed as a privacy component maintainer.

The next weekly privacy office hours will be held on Wednesday, February 6, 2019, at 19:00 UTC in the #core-privacy room in the Make WordPress Slack.

#core-privacy, #privacy

Privacy Office Hours Agenda: January 30, 2019

The following is the agenda for the privacy weekly office hours meeting. The meeting is held every Wednesday at 19:00 UTC in the #core-privacy room of the Making WordPress Slack.

  • Tie the roadmap into Trac and the other priorities for the year.
  • Resolve any outstanding comments, uncertainties, etc.
  • Get it out of a Google Doc and onto Make – here we go into the “who has permissions for what” thing again!
  • Sequencing upcoming work on the roadmap so that contributors focus on one key aspect at a time. It currently reads as a backlog.
  • Working in Github vs. Trac for yet to be shipped in core
  • Cross Project Work
  • Ticket candidates for closure.
  • Discuss removing the admin pointers for privacy features added in 4.9.6.

#core-privacy, #privacy