Shortcake, built on top of the core Shortcode API, aims to make it easier to use shortcodes. Recently, it’s been great to see the underlying API getting some attention. There has been a lot of work and discussion around making the implementation as robust, fast and secure as possible.
This is all great news for Shortcake too. We’ve definitely hit some of the limitations of the current API! On our side we have also been doing a lot to make the Shortcake plugin as robust, fast and secure as possible. In particular we have optimised the way we fetch shortcode previews, allowed the use of HTML in labels/descriptions in a way that remains secure, and aligned the shortcode parsing regex to use core functionality to make sure we get all the benefits of the ongoing work in core.
Optionally encode attributes
One of the most painful limitations of the existing core shortcode parsing API has been the inability to use certain characters in attribute values. Attributes which included quotation marks or square brackets would break the entire shortcode in output, and HTML in attribute values would be stripped out… where it didn’t break the parsing altogether.
We’ve added a new option to attribute fields,
encode, which sets a flag to store that attribute’s value as a URL-encoded string, getting around these issues. (If you are using this functionality for a shortcode, you will need to pass the shortcode tag as a third parameter to the
shortcode_atts() function in your shortcode callback, in order to have the attribute decoded on retrieval for you. See the demo plugin for an example of how this is done.)
The future of Shortcake: new organization, core integration, and compatibility
For the next release we’re going to target some time in the spring. This will allow us to spend time between now and the New Year focusing on non-code issues and putting together a proposal for inclusion in core.
As part of this we will be working through UI and API concepts, as well as targetting our code more closely to the changes happening in WordPress core, dropping support for older versions of WordPress.
Thanks to everyone who has contributed to this release. The following Github users have all had commits merged during this release: scherii, GaryJones, Mte90, fredserva, Fstop, Jeni4, danielbachhuber, goldenapples, khromov, and mattheu. But we would also like to extend a huge thanks to everyone else who has used the plugin, created issues, and joined the weekly meetings.
- Supports an optional
encode=trueargument for attributes, to allow limited HTML support. Attributes need to be run through
shortcode_atts()in order to be properly decoded.
- Defines a
SHORTCODE_UI_DOING_PREVIEWconstant when rendering a shortcode preview, which enables callbacks to serve a different representation of the shortcode in TinyMCE.
- When an attachment is already selected for a shortcode attribute, opening media library will include it selected.
- Cleaned up icon vertical alignment in the Insert Post Element UI.
- Added CSS utility classes to all field HTML. For instance, the attachment field is now wrapped with
- Added filters to modify shortcode UI arguments on registration.
- Cleaned up the example plugin, so it’s a much more useful developer reference.
- Permits HTML in field labels and descriptions.
- Added Danish translation.
- Added Italian translation.
- Added German translation.
- Core integration: Fully supports PHP 5.2.
- Bug fix: Persists shortcode attributes and inner content when there isn’t UI registered for them. Previously, they would be discarded.
- Bug fix: Display the description on the post select field.
- Bug fix: Attribute field change event binds to input event rather than keyup.