No mention of KSES on Internationalization Security page #1508

Open
johnbillion opened this issue Mar 23, 2024 · 4 comments
Assignees
Labels
developer documentation (DevHub) Improvements or additions to developer documentation self-assigned [Status] To do Issue marked as Todo

Comments

@johnbillion
Member

Issue Description

The Internationalization Security page makes no mention of KSES. It only covers translation escaping.

URL of the Page with the Issue

https://developer.wordpress.org/plugins/internationalization/security/

Section of Page with the issue

N/A

Why is this a problem?

Using KSES is a valuable way of allowing HTML in translations while maintaining security.

Suggested Fix

Add a section which documents the use of wp_kses() for allowing a trusted list of HTML tags and attributes for translations.

@johnbillion johnbillion added the [Status] To do Issue marked as Todo label Mar 23, 2024

Heads up @WordPress/docs-issues-coordinators, we have a new issue open. Time to use 'em labels.

@flexseth
Collaborator

flexseth commented Mar 27, 2024

Greetings @johnbillion - I'm not sure this page actually ever existed in the plugin info. However, I am working on improving the plugin pages to include a sample plugin, security best practices, and how to best position a plugin developer to pass the check to allow their software to be offered in the WP.org plugin repo.

See that you have a couple of plugins that you've worked on, do you think you would be up to writing a simple section that explains

  • Brief overview of KSES (can be copy/pasted from the security info, and linked there)
  • How to use KSES in plugin development? Maybe some use cases using common hooks?

Even bringing some code in that you've written in one of your plugins would be helpful. We are looking for as many examples of what to do as possible for the various development handbooks!

Candidly, I haven't done much plugin development, mostly in the past I was a themer and now use JavaScript which I believe abstracts out the KSES functionality into the __() function from the i18n package. So I'm not really that great with plugin dev, but have been wanting to update this page in a big way.

You are right: The info should be there. Here's a Slack thread I started about mentioning security on the plugin best practices page...

Do you think you would be up to writing a brief blurb with some examples, and we can link out to the KSES section for more info?

Here's the current Best Practices for writing plugins page, I'd like to more highlight security here.

@flexseth
Collaborator

/assign


Hey @flexseth, thanks for your interest in this issue! 🍪🍪🍪
If you have any questions, do not hesitate to ask them in our #docs Slack channel.
Enjoy and happy contributing ❤️

@flexseth flexseth added the developer documentation (DevHub) Improvements or additions to developer documentation label Mar 27, 2024
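
The pattern the issue's suggested fix describes, and the kind of example requested in the reply, as an added illustration that is not part of the thread or of the handbook: a translated string that carries markup is filtered through wp_kses() with an explicit allowlist. It assumes the code runs inside a loaded WordPress plugin; the `my-plugin` text domain and the `myplugin_` function names are hypothetical.

```php
<?php
/**
 * Added example: allowing a trusted list of HTML tags in a translation.
 * Assumes WordPress is loaded. The 'my-plugin' text domain and the
 * myplugin_* function names are hypothetical.
 */

// Tags and attributes the translated string may contain. Anything else a
// translation file introduces (other tags, event-handler attributes) is
// stripped by wp_kses().
function myplugin_notice_allowed_html() {
	return array(
		'a'      => array( 'href' => array() ),
		'strong' => array(),
	);
}

function myplugin_render_notice() {
	$settings_url = admin_url( 'options-general.php' );

	// The translation comes from a language file, so treat it as untrusted HTML.
	$message = sprintf(
		/* translators: %s: URL of the settings screen. */
		__( '<strong>Setup incomplete.</strong> Visit the <a href="%s">settings screen</a>.', 'my-plugin' ),
		esc_url( $settings_url ) // Escape the dynamic value for its URL context.
	);

	// Filter after substitution so the final string is what gets checked.
	echo '<div class="notice notice-warning"><p>';
	echo wp_kses( $message, myplugin_notice_allowed_html() );
	echo '</p></div>';
}
add_action( 'admin_notices', 'myplugin_render_notice' );

// When a translation needs no markup at all, plain escaping is enough.
function myplugin_render_saved_message() {
	echo '<p>' . esc_html__( 'Settings saved.', 'my-plugin' ) . '</p>';
}
```

Keeping the allowlist as small as the source string requires means a translation cannot introduce markup the original string does not use.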
2 participants