Opened 5 years ago

Closed 5 years ago

#4504 closed defect (bug) (reported-upstream)

Security docs in Plugins handbook for developing in block editor context

Reported by: manooweb Owned by:
Milestone: Priority: normal
Component: Developer Hub Keywords:



As we discussed during a #core-editor meeting on Wednesday 5th June, it seems there are no guidelines about what a developer needs to pay attention to when he codes in JavaScript, and especially React technologies, like those that exist for PHP in the plugins handbook here

For example, when we start and are new to these technologies, we can ask ourselves some questions:

  • Do I need to use JSX instead of createElement because JSX is safe?
    Is it the same because Babel compiles JSX down to React.createElement() calls?

  • What about the use of dangerouslySetInnerHTML? The block editor uses it internally. What should we pay attention to when we need to use it?

  • What should we never do?

Because we don't really know where to open the issue, I'm going to also open it on the Gutenberg repository on GitHub.


Change History (2)

#1 @SergeyBiryukov
5 years ago

  • Component changed from General to Developer Hub

#2 @dd32
5 years ago

  • Resolution set to reported-upstream
  • Status changed from new to closed

I'm going to close this as a duplicate of the Gutenberg issue:

The Gutenberg team are the best ones to answer this and write up new documentation on what plugins should be doing here.
