WordPress / plugin-check

A repository for the new Plugin Check plugin from the WordPress Performance and Plugins Team.
https://wordpress.org/plugins/plugin-check/
GNU General Public License v2.0

Check: Calling remote files (js, css, images, etc). Offloading / External #486

Open davidperezgar opened 4 days ago

davidperezgar commented 4 days ago

The objective of this check is to detect external assets being loaded in WordPress. Users have to make them local, and we consider this an error for this check.

How could we develop this check?

We could use typical asset extensions. The list could start with: css, svg, jpg, jpeg, gif, png, webm, mp4, mpg, mpeg, mp3, json, fonts, etc.

Then, we have to find out whether they are using an external source or are being loaded locally.

Our description to developers:

Calling files remotely

Offloading images, js, css, and other scripts to your servers or any remote service (like Google, MaxCDN, jQuery.com etc) is disallowed. When you call remote data you introduce an unnecessary dependency on another site. If the file you're calling isn't a part of WordPress Core, then you should include it -locally- in your plugin, not remotely. If the file IS included in WordPress core, please call that instead.

An exception to this rule is if your plugin is performing a service. We will permit this on a case by case basis. Since this can be confusing we have some examples of what are not permitted:

- Offloading jquery CSS files to Google - You should include the CSS in your plugin.
- Inserting an iframe with a help doc - A link, or including the docs in your plugin is preferred.
- Calling images from your own domain - They should be included in your plugin.

Here are some examples of what we would permit:

- Calling font families from Google or their approved CDN (if GPL compatible)
- API calls back to your server to process possible spam comments (like Akismet)
- Offloading comments to your own servers (like Disqus)
- oEmbed calls to a service provider (like Twitter or YouTube)

Please remove external dependencies from your plugin and, if possible, include all files within the plugin (that is not called remotely). If instead you feel you are providing a service, please re-write your readme.txt in a manner that explains the service, the servers being called, and if any account is needed to connect.

Example(s) from your plugin:
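
One way the detection described in this issue could work, as an added example rather than Plugin Check's own code or the author's proposal: it flags quoted URLs whose path ends in an asset extension and whose host is remote. The function name, the font extensions, the allow-listed hosts and the sample plugin source are assumptions made for illustration.

```php
<?php
// Added example, not Plugin Check code. The extension list follows the issue text
// ("fonts" is expanded to common font extensions, an assumption); the allow-list
// hosts are an assumption standing in for the "permitted" font services.
const ASSET_EXTENSIONS = array( 'css', 'js', 'svg', 'jpg', 'jpeg', 'gif', 'png', 'webm',
	'mp4', 'mpg', 'mpeg', 'mp3', 'json', 'woff', 'woff2', 'ttf', 'otf', 'eot' );
const ALLOWED_HOSTS = array( 'fonts.googleapis.com', 'fonts.gstatic.com' );

/**
 * Returns one finding per remote asset URL in $source: line number, host, URL.
 */
function find_remote_assets( string $source ): array {
	$findings = array();
	// Quoted absolute or protocol-relative URL. Requiring the opening quote keeps
	// "//" code comments from being read as protocol-relative URLs.
	$pattern = '~(["\'])((?:https?:)?//[^"\'\s<>]+)\1~i';
	foreach ( preg_split( '/\R/', $source ) as $index => $line ) {
		if ( ! preg_match_all( $pattern, $line, $matches ) ) {
			continue;
		}
		foreach ( $matches[2] as $url ) {
			$parts = parse_url( $url ); // Also understands "//host/path" URLs.
			if ( empty( $parts['host'] ) || empty( $parts['path'] ) ) {
				continue;
			}
			$host = strtolower( $parts['host'] );
			// Only the path decides the type, so "?ver=2" cannot hide the extension.
			$ext = strtolower( pathinfo( $parts['path'], PATHINFO_EXTENSION ) );
			if ( in_array( $ext, ASSET_EXTENSIONS, true ) && ! in_array( $host, ALLOWED_HOSTS, true ) ) {
				$findings[] = array( 'line' => $index + 1, 'host' => $host, 'url' => $url );
			}
		}
	}
	return $findings;
}

// Constructed sample plugin source (not taken from a real plugin).
$sample = <<<'SRC'
wp_enqueue_style( 'ui', 'https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/smoothness/jquery-ui.css' );
wp_enqueue_script( 'app', plugins_url( 'js/app.js', __FILE__ ) ); // local, not flagged
echo '<img src="//cdn.example.com/logo.png?ver=2">';
wp_enqueue_style( 'font', 'https://fonts.gstatic.com/s/roboto/v30/roboto.woff2' );
$api = 'https://api.example.com/v1/check';
SRC;

foreach ( find_remote_assets( $sample ) as $f ) {
	printf( "line %d: %s (%s)\n", $f['line'], $f['url'], $f['host'] );
}
```

A line-based regex like this misses URLs assembled by string concatenation or read from options, so findings still need the case-by-case review the guideline describes.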