WPTT / WPThemeReview

PHP_CodeSniffer rules (sniffs) to enforce WordPress theme review coding conventions
MIT License

New Sniff: `Privacy.NoURLShorteners` #179

Closed dingo-d closed 5 years ago

dingo-d commented 5 years ago

Issue Title

A new sniff should be added in a new category called Privacy. It reflects the rule in the handbook:

No URL shorteners used in the theme.

Issue Content

Rule type:

Error: No URL shorteners used in the theme.

Rule:

Handbook rule

URL shorteners are a possible security risk since they obfuscate the link destination, and can point to malicious web sites containing spam or malware. They are explicitly forbidden in the themes on wordpress.org.

List of URL shorteners:

- https://goo.gl/
- https://bitly.com/
- https://polrproject.org/
- https://www.rebrandly.com/
- https://tinyurl.com/
- https://hootsuite.com/pages/owly
- https://is.gd/
- https://buffer.com/
- http://adf.ly/
- https://bit.do/

I'm planning on writing a sniff for this. I'll generate a few shortened links that I'll provide in the unit tests. These should be checked against in enqueue functions, HTML anchor and link elements, readme files and JS files as well.

To do:

jrfnl commented 5 years ago

FYI: readme files can not easily be checked with PHPCS (unless we use a dirty hack which will not benefit the results).

And what about CSS files? These may contain `url(http://externalsite.com/something)` values too.

dingo-d commented 5 years ago

For now we can focus on checking CSS, PHP and JS files (non-minified). And then I could add in the theme sniffer a way to just go through the readme and check there for shortened links using a regex (an idea).
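
The regex-based check over readme, CSS, PHP and JS content discussed in this thread could look like the following. This is an added example, not code from WPThemeReview, PR #216 or the thread participants; the function name `find_shortener_urls`, the host list (short-link domains assumed for the services named in the issue, rather than their marketing home pages) and the sample text are all constructed for illustration.

```php
<?php
// Added example, not project code. Assumption: these are the domains the
// services listed in the issue serve short links from. Self-hosted
// shorteners such as Polr have no fixed domain and are not covered.
const SHORTENER_HOSTS = [
    'goo.gl', 'bit.ly', 'rebrand.ly', 'tinyurl.com',
    'ow.ly', 'is.gd', 'buff.ly', 'adf.ly', 'bit.do',
];

/** Return [line number, URL] pairs for each shortener link in $text. */
function find_shortener_urls(string $text): array
{
    $found = [];
    foreach (preg_split('/\R/', $text) as $i => $line) {
        // Absolute and protocol-relative URLs, ending at whitespace,
        // quotes or brackets so CSS url(...) and HTML attributes both work.
        if (!preg_match_all('~(?:https?:)?//[^\s"\'<>()\[\]]+~i', $line, $m)) {
            continue;
        }
        foreach ($m[0] as $url) {
            // Compare the parsed host, never a substring of the whole URL:
            // "?ref=bit.ly" or "notbit.do" must not be reported.
            $host = strtolower(rtrim((string) parse_url($url, PHP_URL_HOST), '.'));
            foreach (SHORTENER_HOSTS as $short) {
                $isSubdomain = substr($host, -strlen($short) - 1) === '.' . $short;
                if ($host === $short || $isSubdomain) {
                    $found[] = [$i + 1, $url];
                    break;
                }
            }
        }
    }
    return $found;
}

// Constructed sample mixing readme, CSS, PHP and HTML lines.
$sample = <<<'TXT'
== Description ==
Demo: https://bit.ly/constructed1
Docs: https://example.org/?ref=bit.ly
.hero { background: url(//tinyurl.com/constructed2.png); }
wp_enqueue_script( 'x', 'https://cdn.notbit.do/app.js' );
<a href="http://WWW.IS.GD/constructed3">link</a>
TXT;

foreach (find_shortener_urls($sample) as [$lineNo, $url]) {
    echo "line {$lineNo}: {$url}\n";
}
```

Matching on the parsed host is what keeps query strings and look-alike domains from producing false positives; the check does not resolve redirects, so it only catches shorteners whose domain is on the list.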

jrfnl commented 5 years ago

Closing as fixed by PR #216.