[theme-reviewers] Theme standards and obfuscation
Andrew McGill
list2010 at lunch.za.net
Thu Apr 26 13:41:14 UTC 2012
Hi
I notice that the theme standards do not say anything about code obfuscation and readability:
http://codex.wordpress.org/Theme_Review#Security_and_Privacy
I suggest the following guidelines:
* No obfuscation: all code must written in human readable format: measures that reduce readability are not allowed. (e.g. variable name mangling, stripping indentation)
* No hiding: All code must appear in regular .php files. No measures to obscure the code being run are permitted.
The reason this would be helpful is that there are a lot of commercial themes of dubious quality employing various kinds of obfuscation - 85 levels of base64_decode and gzip hiding the closing div tags, wp_footer and the 'if $posts>20 (advertise())'. It is also pretty hard to distinguish "legitimate" obfuscation from a hacked site.
It would make the world a happier place if wordpress.org said that code obfuscation is not-so-cool.
Something should also be said about code obfuscation in javascript files too ... (e.g. the compressed version of jquery). I reckon it should be discouraged (if not prohibited).
More information about the theme-reviewers
mailing list