[theme-reviewers] Theme standards and obfuscation

Thu Apr 26 15:03:23 UTC 2012

I just noticed that in Theme Guidelines there is no reference to WordPress
Coding Standards http://codex.wordpress.org/WordPress_Coding_Standards May
be a link in section "Code Quality" will be helpful for developers.

Fingli

На 26 април 2012, 17:27, Chip Bennett <chip at chipbennett.net> написа:

> Code obfuscation is treated as such a high-level, obvious no-no that it is
> "assumed without saying". As Jay indicated: Theme Check flags code
> obfuscation at a WARNING level, and the uploader script will simply fail to
> upload any Theme with obfuscated code. Anyone who even needs to ask if
> obfuscated code is acceptable probably isn't someone we even want to
> associate ourselves with in the first place, so the guidelines aren't
> tailored to such people. :)
>
> Note: "obfuscation" (more properly: minification) of script libraries is
> perfectly acceptable, provided that a human-readable version is included
> for reference.
>
> Thanks,
>
> Chip
>
>
> On Thu, Apr 26, 2012 at 8:41 AM, Andrew McGill <list2010 at lunch.za.net>wrote:
>
>> Hi
>>
>> I notice that the theme standards do not say anything about code
>> obfuscation and readability:
>>
>>        http://codex.wordpress.org/Theme_Review#Security_and_Privacy
>>
>> I suggest the following guidelines:
>>
>>  * No obfuscation: all code must written in human readable format:
>> measures that reduce readability are not allowed. (e.g. variable name
>> mangling, stripping indentation)
>>
>>  * No hiding: All code must appear in regular .php files. No measures to
>> obscure the code being run are permitted.
>>
>> The reason this would be helpful is that there are a lot of commercial
>> themes of dubious quality employing various kinds of obfuscation - 85
>> levels of base64_decode and gzip hiding the closing div tags, wp_footer and
>> the 'if $posts>20 (advertise())'.  It is also pretty hard to distinguish
>> "legitimate" obfuscation from a hacked site.
>>
>> It would make the world a happier place if wordpress.org said that code
>> obfuscation is not-so-cool.
>>
>> Something should also be said about code obfuscation in javascript files
>> too ... (e.g. the compressed version of jquery).  I reckon it should be
>> discouraged (if not prohibited).
>> _______________________________________________
>> theme-reviewers mailing list
>> theme-reviewers at lists.wordpress.org
>> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>>
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>

-- 
Yulian Yordanov
post-scriptum.info
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20120426/ae067c91/attachment.htm>