This repository has been archived by the owner. It is now read-only.

[WIP] docs(content security): add new chapter #1640

Closed
wants to merge 1 commit into
base: master
from

6 participants
@wardbell
Contributor

wardbell commented Jun 10, 2016

Not ready to merge but closing in.

@googlebot

googlebot commented Jun 10, 2016

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for the commit author(s). If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.

@googlebot googlebot added the CLA: no label Jun 10, 2016

@googlebot

googlebot commented Jun 10, 2016

CLAs look good, thanks!

@googlebot googlebot added CLA: yes and removed CLA: no labels Jun 10, 2016

@googlebot

googlebot commented Jun 10, 2016

We found a Contributor License Agreement for you (the sender of this pull request), but were unable to find agreements for the commit author(s). If you authored these, maybe you used a different email address in the git commits than was used to sign the CLA (login here to double check)? If these were authored by someone else, then they will need to sign a CLA as well, and confirm that they're okay with these being contributed to Google.

@googlebot googlebot added CLA: no and removed CLA: yes labels Jun 10, 2016

@wardbell

Contributor

wardbell commented Jun 10, 2016

Brian Clark (clarkio, brian@clarkio.com) is covered under the IdeaBlade CLA and is working with me on this chapter. His and my commits are mutually agreed.

@googlebot

googlebot commented Jun 10, 2016

CLAs look good, thanks!

@naomiblack

Member

naomiblack commented Jun 14, 2016

I'd like to adjust the tone a bit to avoid high-level direction to the reader. "We strongly recommend consulting a security expert at strategic moments in the project timeline." feels a bit pejorative, like "go find a grown-up", and it's not clear who "we" or "a security expert" are. Instead, use something like "Securing a server is a complex topic beyond the scope of this guide. Here are some Angular-specific tips to help you get started." that sticks to the facts.

Also be careful of ambiguous "we", e.g.

 In this chapter we focus on an important part of the security story: ensuring the safety and security of the content we display and the user input we accept.

The authorial "we focus on" is fine, but "the content we display" is unclear -- who is displaying the content? "ensuring the safety and security of the content displayed by an application, and the user input that it accepts".

@naomiblack

Member

naomiblack commented Jun 15, 2016

I had a look on my dev server and noticed some markdown errors and inline comments. Can we polish this up to publish for RC2?

@naomiblack

Member

naomiblack commented Jun 15, 2016

This PR has both public/docs/ts/latest/guide/content-security.jade and public/docs/ts/latest/guide/content-security.md -- I think .md is an error and should be deleted? Can @wardbell confirm?

@mprobst

Contributor

mprobst commented Jun 15, 2016

Hey. Thanks for hacking this up on short notice, looks very good! I'm going to take this PR over and carry it for the last five meters up to completion. So please vacation as hard as you can, we got this :-)

@clarkio

clarkio commented Jun 16, 2016

@naomiblack we were working off the .md at the time and I believe it was intended to be removed once fully converted in jade.

@mprobst if you happen to have any feedback after running through it please feel free to share. Always enjoy talking security.

@naomiblack

Member

naomiblack commented Jun 23, 2016

obsolete.

@naomiblack naomiblack closed this Jun 23, 2016
