[wp-trac] [WordPress Trac] #33472: Templating Engine

Tue Sep 1 18:39:18 UTC 2015

#33472: Templating Engine
-----------------------------+---------------------------------------
 Reporter:  KalenJohnson     |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Themes           |     Version:  trunk
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:  administration, template
-----------------------------+---------------------------------------

Comment (by KalenJohnson):

 Thanks for jumping in, @jarednova ! I was hoping you would, since Timber
 is the most popular implementation of a templating engine in WordPress
 currently.

 > Often template languages are too simplistic. It’s difficult to express
 complex conditions or prepare data without resorting to a logical
 language. This has the potential to be severely limiting.

 I agree with what Jared already pointed out above. Templating engines
 aren't simplistic, rather, they are encouraging you to prepare and set up
 your data ''before'' getting to the actual template. WordPress themes in
 the past have not really enforced this, and in actuality, has encouraged
 relatively complex logic in theme templates with functions that do much
 more work than they should.

 The reality though is that while this was accepted practice years ago,
 it's no longer the preferred or accepted way to handle content in the rest
 of the web development world. Templates should not contain much logic
 other than if statements, and loops. And templates should certainly not be
 making database calls.

 > I think this is a very good concern to highlight. While the security
 exploits aren't obvious, I can see how a small risk multiplied by 23% of
 the web could create a major unforeseen gap in security.

 I just took a look at the [http://twig.sensiolabs.org/doc/api.html#basics
 Twig docs], and they actually seem to use `.html` files for templates:

 {{{
 $template = $twig->loadTemplate('index.html');
 }}}

 So that would most likely be much better covered on web hosts. Also I know
 that Laravel Blade still uses the the PHP extension, but templates files
 are structured as `index.blade.php`. So I think we could still keep it
 secure on all hosts.

 > I think we should take advantage of the lead WP has by investing in
 where the market is going.

 Couldn't agree more. WP is certainly doing this in many areas: Customizer,
 heavy JavaScript usage (including templating!), automatic updates, etc.
 Themes are one of the things that has been sort of left behind, I think
 simply because it is relatively open ended and up to the theme developer
 to employ best practices. However, again, a templating engine enabled by
 default would encourage best practices and get a major part of WordPress
 up to date with the rest of the web development community.

 Hoping to have some comments from core team soon :)

--
Ticket URL: <https://core.trac.wordpress.org/ticket/33472#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform