Shortcake (Shortcode UI) chat summary – August 24th, 2015

Present: @danielbachhuber, @goldenapples, @miqrogroove, @azaozz

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1440442841000013

  • We triaged the remaining issues for v0.5.0. Daniel will be picking them up over the next day.
  • A big project for v0.6.0 will be to go through core’s feature plugin guidelines and identify what we need to change to be valid.
  • Spent time discussing @miqrogroove summary of shortcode problems, and proposed solutions

Next chat: same time and place

Next release: v0.5.0 – this week (a bit overdue)

#feature-plugins, #meeting-notes, #shortcode-ui, #shortcodes, #updates

Changes to the Shortcode API

Earlier today, we released WordPress 4.2.3, which includes a relatively large security fix that affects the Shortcode API. Due to the nature of the fix – as is often the case with security fixes – we were unable to alert plugin authors ahead of time, however we did make efforts to scan the plugin directory for plugins that may have been affected.

With this change, every effort has been made to preserve all of the core features of the Shortcode API. That said, there are some new limitations that affect some rare uses of shortcodes.

Reminder: Never, under any circumstances, should you hack core files. This includes downgrading specific files. Doing so could have unintended consequences on your WordPress installation, including major security implications.

Basic Shortcode Usage

A brief explanation on the original purpose of shortcodes will help to explain the change. In a basic post, like this example, shortcodes are used to insert dynamic code:

Here are my images. [gallery]

Here you can see that the shortcode stands on its own as a dynamic element within the blog post content. This is the central premise of the Shortcode API: make it easy to insert blocks of dynamic code.

Shortcodes with Filtered Styles

In today’s release of WordPress 4.2.3, however, we’ve added some new limitations that affect some existing plugins. Take, for example, the following shortcode, which is no longer recognized:

<div style="background-image: url('[shortcode]');">

The shortcode in the example above appears in a context that is no longer supported. Further, this use of a shortcode stretches the imagination for how the Shortcode API was intended to be used. Fortunately, there are some workarounds still available, so that site administrators are not overly restricted in their use of HTML.

Workaround

The following example still functions as expected and is considered more acceptable:

<div [shortcode]>

Going forward, plugins implementing shortcodes for inline styles should output the entire style attribute rather than a bare value. Keep in mind that this workaround – just as the original example above – is only available to administrators and editors (i.e. only roles with unfiltered_html). Less-privileged users are still prevented from using shortcodes to output whole attributes in this manner. If a plugin is intended to work with author and contributor roles, we recommend that the plugin output an entire <div>.

Shortcodes with Bad Quotes

The following example is also no longer allowed:

<a href="/[shortcode query="?ref="]">

In the above situation, the shortcode is now properly recognized as HTML and it is rejected by the API. Apart from the example being confusing, WordPress cannot parse that shortcode.

Workaround

Instead, either of the following examples would be appropriate:

Example 1: <a href="/[shortcode query='?ref=']">
Example 2: <a href='/[shortcode query="?ref="]'>

Administrators as well as lesser-privileged authors can continue to use shortcodes in this way, as long is it conforms to the usual HTML filtering rules. However, as explained in the first example, administrators are now somewhat limited in this situation in one case: if the content in this href attribute is generated by a shortcode that does not conform to the HTML filters, then the shortcode is rejected for all users.

We do not make this change lightly and understand that it may affect some usecases. The above examples and explanations should help plugin authors make the modifications needed to support the Shortcode API.

#4-2, #4-2-3, #dev-notes, #plugins, #shortcodes

Shortcake (Shortcode UI) chat summary – July 20th, 2015

Present: @danielbachhuber, @matth_eu

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1437419017000004

Next chat: same time and place

Next release: v0.5.0 – Tuesday, August 4th

#feature-plugins, #meeting-notes, #shortcode-ui, #shortcodes, #updates

Shortcake (Shortcode UI) chat summary – June 29th, 2015

Present: @danielbachhuber, @samuelsidler, @matth_eu

  • Sam shared with us the possibility of getting Shortcake committed to WordPress core. While he can’t make any guarantees, this is the direction he suggested:
    • Better first-run experience with the plugin so people can evaluate it better. He recommends adding a few “example” shortcodes, and mention that they’re examples / not to be included in core. Pull quote and PDF could be a good start.
    • Decide on the appropriate UX for inserting new shortcodes. The experience is currently tucked away under “Add Media”. We’ve been exploring a “Add Post Element” button alongside “Add Media”, or dedicated buttons in the editor for some post elements.
    • Inline editing would be really nice. We should see if we can make it the default experience for most shortcodes, and all existing core shortcodes. We should also experiment with content blocks, and see what other editors are doing.
  • Matt lost his internet, so we didn’t talk about any code things.

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1435604506000006

Next chat: same time and place

Next release: v0.5.0 – Tuesday, August 4th

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – June 22nd, 2015

Present: @danielbachhuber, @goldenapples, @davisshaver

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1434999676000006

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – June 8th, 2015

Present: @danielbachhuber, @matth_eu, @goldenapples

  • Shortcode UI v0.4.0 will be shipping tomorrow (June 9th) or Wednesday (June 10th). Here are all of the issues.
  • We spent some time discussing the bugs in the backlog.

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – June 1st, 2015

Present: @danielbachhuber, @matth_eu

If you’d like to get involved, our documentation could really use some editing / additions. Feel free to open a GH issue with suggestions, or stop by #feature-shortcode in Slack.

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1433185206000006

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – May 11th, 2015

Present: @danielbachhuber, @matth_eu, @goldenapples

  • Fusion pushed Image Shortcake to production today. It’s a plugin that uses Shortcake to replace with [img]. The biggest outstanding implementation issue is aligning an image left or write with text wrap. @goldenapples will continue to explore in Shortcake.
  • We’d like users to be able to edit shortcode attributes with a rich-text editor. However, core doesn’t easily support this use-case. For now, it looks like we’ll transparently encode and decode attributes with HTML values. @matth_eu will create a core ticket see how we can make this less of a hack.
  • We’re still looking to ship v0.4.0 on or around June 9th. Enhancements will be landing in the next couple of weeks so we can have a week or two of soaking before publishing to WordPress.org.

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1431371317000011

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – April 27th, 2015

Present: @danielbachhuber, @matth_eu

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1430161317000487

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes

Shortcake (Shortcode UI) chat summary – April 20th, 2015

Present: @danielbachhuber, @matth_eu

  • Meeting focused on clearing up some of the remaining issues in the v0.3 milestone.
  • In v0.4, we’re looking into de-coupling Shortcake from the Media Library experience. If you have opinions on this regard, you should follow along on this issue
  • Matt has done some exploration of repeatable fields. The crux of the problem is our field templates include the field, and label and description. Fieldmanager and CMB use prototype HTML for repeatable fields. However, before we go about reinventing Fieldmanager, we should reach out to Metadata API working group to see how they’re approaching.
  • Supporting rich text editor for a shortcode attribute is a nice idea but has a couple fundamental flaws: 1) HTML can’t easily be stored in shortcode attributes, 2) TinyMCE views gets funky when there’s HTML in the inner_content. The idea needs more technical baking before we can commit it to a milestone.
  • Goal is to have remaining v0.3 issues into Fusion production by tomorrow morning PT, and then ship Wednesday or Thursday.

Logs: https://wordpress.slack.com/archives/feature-shortcode/p1429556549000347

Next chat: same time and place

#meeting-notes, #shortcode-ui, #shortcodes