Agenda for 2016 October 4

The Theme Review Team holds a meeting weekly and we encourage all members to attend.

Channel: #themereview | Time: Tuesday at 18:00 UTC 18:00 UTC


  • I created an issue on Twenty Seventeen to remove the prefix for the third party scripts and standardize the script/style handles. @davidakennedy would like a official recommendation from the Theme Review Team as it is not documented. Do we document this as a recommendation or requirement? Related to this. Possible guidline “Third party library scripts and styles should not be prefix with the theme slug to prevent the assets being loaded twice. The words should be sperated using a dash (-). Assets that are dependant on additional libraries should be prefixed with that library slug e.g. “jquery-fitvids”.”
  • To be able to automate the checking of the text domains used in the theme the recommended solution was to create a whitelist of second text domains that would be allowed. This would allow us to check if the text domain really belongs to a framework and allow us to review which text domains get added to the whitelist. A good requirement to be added to the would be that the framework has it’s own translations. @greenshady started a list. Is the whitelist complete are there any other domains that need to added? Related to
  • There are two points in the escaping sniff from WPCS need to be discussed. This needs to be discussed in multiple meetings. We need to deceide what to do with the two points. Related ticket:
    • The escaping sniffsniff A module for PHP Code Sniffer that analyzes code for a specific problem. Multiple stiffs are combined to create a PHPCS standard. The term is named because it detects code smells, similar to how a dog would "sniff" out food. from WPCSWordPress Community Support A public benefit corporation and a subsidiary of the WordPress Foundation, established in 2016. requires that all translations are escaped. If we require all themes to escape their translation it will make automation easier.
    • The escaping sniff checks every variable if it is being escaped before it is echoed. This will logically create a number of false positives. The false possitives can be disabled by using an inline comment // xss ok . How do we inform the theme authors that they can use this inline comment to mark false possitives? We could add a warning when the code comment is used so to check that it is not being abused.
  • Feedback from the Review shindig/session on 1st/2nd October

Related Information from other teams

  • Please read up on the new multi-panel feature to pages through add_theme_support  ( CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. ticket #core-37974 )

If time permits, additional topics may be discussed.

If you have any topics, then please reply to this post and include the topic, along with a brief description of what you would like to discuss.