Updates from May, 2009 Toggle Comment Threads | Keyboard Shortcuts

  • Mark Jaquith 4:54 pm on May 18, 2009 Permalink | Reply
    Tags: , , esc_url, esc_url_raw,   

    Deprecated clean_url() in favor of esc_url(), and deprecated sanitize_url() in favor of esc_url_raw().

     

  • Mark Jaquith 3:13 pm on May 18, 2009 Permalink | Reply
    Tags: , , esc_attr, esc_html,   

    Deprecated wp_specialchars() in favor of esc_html() (also: esc_html__() and esc_html_e()). Using wp_specialchars() with more than one param works for backwards compat. Also, esc_html() (or wp_specialchars() with one param) escapes quotes, just like esc_attr(). This buys security for plugin authors who were mistakenly using a one-param wp_specialchars() call in an HTML attribute. See this wp-hackers message for more detail.

     

  • Peter Westwood 8:20 pm on May 11, 2009 Permalink | Reply  

    Trying to keep the commit candidates under control. Every time I look up the list gets bigger.

     

    • Denis de Bernardy 10:45 pm on May 11, 2009 Permalink | Reply

      Yeah, I did some cleaning up and testing. :-)

    • Denis de Bernardy 10:50 pm on May 11, 2009 Permalink | Reply

      It would help if they got committed or rejected with feedback faster, btw.

      trac wouldn’t be so overcluttered with tickets if commit candidates got looked into on the spot. and contributors would have more incentive to maintain their patches. as things are, a valid ticket can easily be ignored for a year from lack of traction, and that is quite discouraging for contributors.

      some oss projects (pgsql) have a bug-to-feedback process of under 48 hours. that helps *a lot* to get the community involved. especially, as is the case of pgsql, when it usually means bug-to-fix.

      • Peter Westwood 6:11 am on May 12, 2009 Permalink | Reply

        We do try to respond as fast as possible. But responding is not a short task and good quality patch review takes time.

        You have to make sure that the bug is being fixed in the correct way.

        Often lack of detail in the ticket will make this take longer

  • Mark Jaquith 9:16 pm on May 5, 2009 Permalink | Reply
    Tags: , ,   

    Standardizing and shortening the WP security escaping functions.

    attribute_escape() is now esc_attr()

    Additionally, you can do attribute escaping and translation in one go. Just add the translation function to the end. Like so:

    • esc_attr__() — translate and return, attribute-escaped.
    • esc_attr_e() — translate and echo, attribute-escaped.

    Will be following up with esc_html (with __() and _e() variants), esc_url(), maybe some more. Will be nice, short, predictable, and allow you do translate/escape in one go without a lot of nested parenthesis.

     

    • Viper007Bond 5:04 am on May 6, 2009 Permalink | Reply

      An esc_js() or whatnot might be useful to (i.e. an improved js_escape() (see #7648).

      • Mark Jaquith 5:58 am on May 6, 2009 Permalink | Reply

        Yes, I meant to include that in the list of “coming soon” ones. Though js_escape() would continue to work, as would attribute_escape() and wp_specialchars().

        Improvements to esc_js() née js_escape() are a separate issue — I’ll take a look at that ticket.

    • Leandro Vieira Pinho 3:11 am on May 9, 2009 Permalink | Reply

      Why not escape_attr than esc_attr?. Write escape is more intuitive than esc.

  • Andrew Ozz 12:54 am on May 3, 2009 Permalink | Reply
    Tags:   

    Going through some of the accessibility improvements. 2.7 was tested with JAWS but there were some changes in the UI since then. Does anybody use JAWS or another screen reader, or know somebody that uses it? Feedback is welcome.

     

    • Ryan 8:05 am on May 3, 2009 Permalink | Reply

      I do someone who uses Jaws. I’ll send a link to this page to them in case they are keen to help out.
      I’ve sent him an email. Hopefully he’ll be keen to help out.

    • slger 1:22 pm on May 3, 2009 Permalink | Reply

      Yry NVDA http://www.marcozehe.de/articles/how-to-use-nvda-and-firefox-to-test-your-web-pages-for-accessibility/

      Is there a list of accessibility items to test? I’ll work on them.

      My biggest problem: can’t get rid of archieves. Also cannot see theme well enough to know if it looks ok. What’s the most accessible theme?

    • Ryan 10:08 pm on May 3, 2009 Permalink | Reply

      This ticket has some discussion on hidden labels.

    • Lynne 1:30 pm on May 6, 2009 Permalink | Reply

      FWIW, I know of a couple of folk who use assistive devices and who cannot use 2.7. As far as I know, they are still on 2.6.5. JAWS is only one of a number of assistive devices and even with JAWS users, proficiency varies. Accessibility with JAWS depends on the users level of experience and also on which browser they are using. EYES has the same issues. Headwands, voice recognition, etc also rely on the site being accessible and, again, these are things most of us can’t test.

      Having said that, there are a number of people, including people with disabilities, who are keen to see WordPress become fully accessible. Some just walked away after concerns about 2.7 got fobbed off with the comment that it underwent usability testing and was therefore ok. I pretty much shut up about accessibility at that time too, and although I develop sites for others on 2.7/2.7.1, my own site remains on 2.6.5 because of accessibility issues.

      Don’t try to go it alone guys – great coders are not expected to be experts in web app accessibility. If you put accessibility improvements on the roadmap for 2.9 and would consider opening a wp-accessibility mailing list for those in the accessibility field to discuss issues and fixes in, I can get a call out to the Guild of Accessible Web Designers and others I network with and get people working on this.

      Just a thought.

      • Glenda Watson Hyatt 2:40 am on May 8, 2009 Permalink | Reply

        Great point, Lynne! Involve people with disabilities who use various assistive technology in to development and testing.

      • Jane Wells 2:02 am on May 9, 2009 Permalink | Reply

        Lynne, who commented that 2.7 underwent usability testing and was therefore okay? Not any of the core team, I’m sure, as we did have someone from an accessibility company do a review for us during the 2.7 dev cycle, and we fixed as many of the things as we could. Usability and accessibility are not the same, and we all recognize that. There’s definitely room for improvement, but we absolutely are paying attention.

      • Lynne 7:07 am on May 18, 2009 Permalink | Reply

        I put in a request through wp-hackers a few weeks back, asking if we could have a wp-accessibility mailing list set up please. There are enough people interested in contributing to development and testing for accessibility that a dedicated mailing list would, IMO, be very worthwhile.

        Has there been any decision made on this yet? Accessibility discussion just gets lost in the busy wp-hackers list & that list is not perceived as the most inviting for those whose primary interest is in accessibility issues.

        • Barry 3:29 pm on July 2, 2009 Permalink

          This should be done in the next week or so.

    • Lorelle VanFossen 2:32 pm on May 6, 2009 Permalink | Reply

      Don’t forget to include Glenda Watson Hyatt of http://www.doitmyselfblog.com/ as she is an accessibility expert, WordPress fan, and living tester of these things. She has top connections, too, to help. @glendaWH on Twitter.

c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel
Follow

Get every new post delivered to your Inbox.

Join 906 other followers