Make WordPress Core

Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#47501 closed enhancement (reported-upstream)

Security docs in Plugins hanbook for developing in block editor context

Reported by: manooweb's profile manooweb Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Site Keywords:
Focuses: Cc:



As we discussed during a #core-editor meeting on wednesday 5th June

it seems there is no guidelines about what a developer need to pay attention when he codes in javascript and espacially React technologies like that exists with PHP in the plugins handbook here

For example when we start and are new on these technologies we can ask ourselves some questions

  • Do I need to use JSX instead of createElement because JSX is safe?


Is it the same because Babel compiles JSX down to React.createElement() calls?

  • What about the use of dangerouslySetInnerHtml? The block editor use it internally. What should we pay attention to when we need to use it?

  • What should we never do?

Because we don't really know where to open the issue I'm going to also open it on the Gutenberg repository on Github


Change History (4)

This ticket was mentioned in Slack in #core-editor by manooweb. View the logs.

5 years ago

#3 @SergeyBiryukov
5 years ago

  • Component changed from General to site
  • Milestone Awaiting Review deleted
  • Resolution set to reported-upstream
  • Status changed from new to closed

Hi @manooweb, welcome to WordPress Trac! Thanks for the report.

Please note that this Trac is used for enhancements and bug reporting for the WordPress core software. Any issues with sites, including developer handbooks, should be reported on

I've transferred the report to #meta4504. Thanks again!

#4 @manooweb
5 years ago

ok thank you @SergeyBiryukov and sorry I didn't know it

Note: See TracTickets for help on using tickets.