Comments (10)
My 2 cents: If you want to have a fast validation that doesn't depend on a human being since that's slow (coming from experience with theme reviews), why not explore the option to implement machine learning algorithms for Offensive language or images
?
It's not like these aren't out there (link, link (archived), link). I'm sure there are people who would be up to the task of using some of these and programing some kind of validation tool that would speed up the process.
from pattern-directory.
It's still on my list, but I don't have anything to show for it right now..
from pattern-directory.
Some of the points here aligns closely with the need to validate the block markup of full site editing themes when they are submitted to the directory.
from pattern-directory.
I started some validation in #38, pulling out my comments so they're not lost in the PR:
Does it contain JS or inline CSS?
These should be stripped out by wp_kses
for users, but we'll want to check that when we figure out permissions in general, #30
Is the markup minimally valid?
I'm not sure if we need to check for this - on the frontend, any content generated by the editor should be valid. But in PHP, GB's parser is very forgiving. So "invalid" code, ex: <pThis is content
, passes as a valid paragraph via the API. When that's rendered in the frontend, it triggers the invalid content warning, so anyone looking at the block would know it's broken. Checking for this would probably require something like the block directory e2e tests.
from pattern-directory.
As an alternative to e2e for markup validation, could we use kses? Create an API endpoint that basically just runs a specially configured kses and returns the sanitized output. That's not the same as validation obviously but it might eliminate the need to validate.
from pattern-directory.
The content should already be run through kses by core, and if we set up our own kses rules we would need to keep track of what features GB adds, in case they add support for a new attribute or something, we could unexpectedly invalidate blocks. If someone manages to save invalid HTML, it would be obvious to anyone searching the pattern directory, because the preview would be broken.
Is there a case you're thinking of where we'd want this extra sanitization?
from pattern-directory.
I think we might want to consider restricting the use of images in the pattern builder. Perhaps seeding the media library with a number of worry-free images, remove permissions to upload to the media library, and including some validation around hot linking to un-allowed images.
from pattern-directory.
I think the only remaining task here is to add an Akismet check over the pattern content for spam. We'll be relying on community reporting for standards checking and other issues under the "Last" list.
from pattern-directory.
@dd32 Are you able to look into adding a spam check step to the pattern validation?
from pattern-directory.
Closing this issue now that Akismet is spam-checking patterns (#406). If, as patterns are submitted, we realize we need more checks, we can create new specific issues for that.
from pattern-directory.
Related Issues (20)
- Add tooltip about some blocks not triggering "Upload external images" HOT 4
- Block theme: Change default filtering to "Curated" by default HOT 17
- Block theme: Applying "all" filter and searching for term resets to "curated". HOT 2
- Post List Continuously Loads without Displaying Posts in Pattern Creation Too
- Patterns have a different viewport width than the default in core HOT 5
- Tools: Unify github build workflow and sync scripts for new block theme
- Add "Intro Area with Heading and Image" pattern as a core pattern HOT 6
- Filter menu: Hover text color overrides focus state on current menu item HOT 1
- Search: Invalid ElasticSearch request on pentester submissions HOT 12
- My Patterns page pending list not properly show.
- 2px radius on "favorite" button
- Sentence case for secondary navigation items
- Translations - Core and community patterns are not separated HOT 2
- Sum of likes/stars in my patterns HOT 6
- Single patterns no longer have left/right padding
- No way to go from a patterns page to the authors profiles.wordpress.org page HOT 3
- Patterns: Remove `id`s from the copied pattern code
- My friend created new pattern and he is not able to edit HOT 1
- Missing parent theme: wporg-parent-2021
- Add locale banner for pattern directory
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pattern-directory.