Security issue and unnecessary code
-
Just some recommendations here. The headers should be added with send_headers… Especially the X-UA one.
wp_headersis ran inside thesend_headers()function before a cache check is done. So it won’t necessarily get sent if the page has already been statically cached…Example including x-ua-compatible using send_headers
is_admin() || add_action('send_headers', function(){ header('X-UA-Compatible: IE=edge,chrome=1'); });As for the the html5 shim there’s a lot of unnecessary code. IE conditionals aren’t recognized above IE9 so this code essentially does nothing but add to the page load:
<!--[if !IE]> <script src="//html5shiv-printshiv.googlecode.com/svn/trunk/html5shiv-printshiv.js"></script> <![endif]--> <!--[if IE 13]> <script src="//html5shiv-printshiv.googlecode.com/svn/trunk/html5shiv-printshiv.js"></script> <![endif]--> <!--[if IE 12]> <script src="//html5shiv-printshiv.googlecode.com/svn/trunk/html5shiv-printshiv.js"></script> <![endif]--> <!--[if IE 11]> <script src="//html5shiv-printshiv.googlecode.com/svn/trunk/html5shiv-printshiv.js"></script> <![endif]--> <!--[if IE 10]> <script src="//html5shiv-printshiv.googlecode.com/svn/trunk/html5shiv-printshiv.js"></script> <![endif]-->Also, it’s good for plugins to not use
wp_headto include scripts. This way incase another plugin or theme includes this they will be able to dequeue the script. Plus wordpress has a built in way to do add the conditionals…Example:
add_action('wp_enqueue_scripts', 'my_plugin_shim_fix', 99); function my_plugin_shim_fix() { wp_enqueue_script( 'html5shiv', 'https://cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js', array( '' ), '3.7.2', false ); wp_scripts()->add_data( 'html5shiv', 'conditional', 'lte IE 9' ); }Hope this helps 🙂
https://wordpress.org/plugins/wp-ie-enhancer-and-modernizer/
- The topic ‘Security issue and unnecessary code’ is closed to new replies.
