We had a pretty solid meeting and covered a good bit of ground. Thanks to everyone who participated!
Prefixing third-party scripts
The team discussed and voted on “officially” recommending dropping the prefix on script/style handles when it is a third-party script. Note that this is a recommendation, not a requirement at this point. There were 8 votes in favor of this recommendation and 0 against.
jquery-fitvids, for example, is preferable to
However, any custom scripts/styles that are specific to the theme should still be prefixed.
Whitelisting framework textdomains
If your theme framework handles its own textdomain, you need to add it to the list of exceptions. Otherwise, the newer theme check will block any theme that has more than one textdomain.
Escaping sniffs
There were two points discussed on escaping. This deals directly with a proposed sniff for the new theme check.
1) The escaping sniff requires that all theme translations be escaped before being echoed. There were 0 votes in favor of this and 11 votes against.
2) The escaping sniff requires that all variables be escaped on output. However, this creates many false positives. The way around this is to add an inline comment of // xss ok. There were 0 votes in favor of this and 9 votes against.
Based on the discussion and tallied votes, it seems the team prefers that the tools work for theme authors rather than having theme authors change their code to “work around” or follow some rules to accommodate automation. Our tools should not be dictating how people code. If the sniffs aren’t up to the task, they need more time to be developed into better sniffs.