Upfront coding tidyness and security

Argh the forum just ate the last question I typed out, you may want to look into it. Id typed everything out except the theme name, when I entered it boom I was back at the forum page and my question was gone!

Anyway it went rouhgly like this:

Hi all,

Upfront + themes = great idea for commercial projects of a certain type (non-tech users).

How useful is it to me as a dev with pretty good CSS skills, I can get themes to look how I want anyway?

How tidy is the code, I had a quick look and saw some pretty long CSS names and a lot of element divs. Typically website builders create messy code which may slow down the website and effect SEO etc, plus its just untidy!! How and does Upfront tackle this?

Also there has been a lot of talk recently about XSS vulnerabilities. Does Upfront use XSS, would a hacker be able to change the front end of my website even easier with all these nice Upfront options?

As a dev is Upfront useful to me for my personal websites at all or just for some commercial projects or the odd client who wants mega control over their website?

Your thoughts as always appreciated.

Cheers

Neil

  • Predrag Dubajic

    Hey @ThePath,

    Hope you're doing well today :slight_smile:

    Argh the forum just ate the last question I typed out, you may want to look into it. Id typed everything out except the theme name, when I entered it boom I was back at the forum page and my question was gone!

    Sorry to hear that, I have forwarded this to our developers to have a look at.

    How useful is it to me as a dev with pretty good CSS skills, I can get themes to look how I want anyway?

    If you are familiar with CSS you will be able to create even more awesome things with Upfront, you can apply global CSS changes or you can just style single elements, so I'll say it's pretty useful :slight_smile:

    How tidy is the code, I had a quick look and saw some pretty long CSS names and a lot of element divs. Typically website builders create messy code which may slow down the website and effect SEO etc, plus its just untidy!! How and does Upfront tackle this?

    Most important things in SEO are titles and content which are not affected by Upfront.

    Also there has been a lot of talk recently about XSS vulnerabilities. Does Upfront use XSS, would a hacker be able to change the front end of my website even easier with all these nice Upfront options?

    As far as I know you are safe from XSS vulnerabilities but let me ping @Jack Kitterhing in here so he can give us some more info about this and SEO questions :slight_smile:

    Best regards,
    Predrag

  • Jack Kitterhing

    Hi there Neil,

    Hope you're well today, XSS, is a security vulnerability, it would allow attackers to inject code into your website, (php, js etc). This is when user input isn't properly escaped before input.

    WordPress provides multiple core functions to stop this https://codex.wordpress.org/Function_Reference/esc_url_raw

    https://codex.wordpress.org/Function_Reference/esc_url

    You may also be interested in this https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

    I can confirm that Upfront has no security issues such as XSS etc.

    Any questions or concerns we're happy to help. :slight_smile:

    Thanks!

    Kind Regards
    Jack.