[theme-reviewers] Theme standards and obfuscation

Chip Bennett chip at chipbennett.net
Thu Apr 26 14:27:59 UTC 2012


Code obfuscation is treated as such a high-level, obvious no-no that it is
"assumed without saying". As Jay indicated: Theme Check flags code
obfuscation at a WARNING level, and the uploader script will simply fail to
upload any Theme with obfuscated code. Anyone who even needs to ask if
obfuscated code is acceptable probably isn't someone we even want to
associate ourselves with in the first place, so the guidelines aren't
tailored to such people. :)

Note: "obfuscation" (more properly: minification) of script libraries is
perfectly acceptable, provided that a human-readable version is included
for reference.

Thanks,

Chip

On Thu, Apr 26, 2012 at 8:41 AM, Andrew McGill <list2010 at lunch.za.net>wrote:

> Hi
>
> I notice that the theme standards do not say anything about code
> obfuscation and readability:
>
>        http://codex.wordpress.org/Theme_Review#Security_and_Privacy
>
> I suggest the following guidelines:
>
>  * No obfuscation: all code must written in human readable format:
> measures that reduce readability are not allowed. (e.g. variable name
> mangling, stripping indentation)
>
>  * No hiding: All code must appear in regular .php files. No measures to
> obscure the code being run are permitted.
>
> The reason this would be helpful is that there are a lot of commercial
> themes of dubious quality employing various kinds of obfuscation - 85
> levels of base64_decode and gzip hiding the closing div tags, wp_footer and
> the 'if $posts>20 (advertise())'.  It is also pretty hard to distinguish
> "legitimate" obfuscation from a hacked site.
>
> It would make the world a happier place if wordpress.org said that code
> obfuscation is not-so-cool.
>
> Something should also be said about code obfuscation in javascript files
> too ... (e.g. the compressed version of jquery).  I reckon it should be
> discouraged (if not prohibited).
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120426/ef4c5ad6/attachment.htm>


More information about the theme-reviewers mailing list