May 29, 2019 #165

Closed
buskamuza opened this issue May 21, 2019 · 7 comments
Labels
meeting notes Topic requests and notes from meetings

Comments

@buskamuza
Contributor

buskamuza commented May 21, 2019

Please add your topic as a comment to the issue. Use the following format:
Topic description and link to PR, if any (duration in min)

No recording due to technical difficulties.

@buskamuza buskamuza added the meeting notes Topic requests and notes from meetings label May 21, 2019
@kalpmehta

From Imagine Dev Exchange:
Implicitly escape HTML/JS code to prevent XSS vulnerabilities (15 min)

https://twitter.com/kalpmehta/status/1129121495760789504

@sivaschenko
Member

Search Result Interfaces magento/magento2#20181 (15min)

@sivaschenko
Member

Add a module manager to the Magento Framework API magento/magento2#18748 (15min)

@kokoc
Member

kokoc commented May 24, 2019

Webhooks #169 (20 min)

@navarr
Member

navarr commented May 28, 2019

Introduce MessageFormatter syntax and new rules for Phrases #170 (15 min)

@knowj
Contributor

knowj commented May 29, 2019

Cron proposal #171 (15min)

@melnikovi
Member

melnikovi commented May 29, 2019

Escaping HTML/JavaScript
@kalpmehta

  • escape getParams, getRequest
  • don't allow to save HTML where you shouldn't have HTML

@AlexMaxHorkun

  • the best practice is to do escaping on output

@knowj

  • should we have better input validation?
  • content security policy?

@kokoc

  • CSP is in backlog for 2.4

CSP is in backlog for 2.4. Need to create proposal for implicit output escaping. @melnikovi sync with @maghamed on imagine discussion and with @buskamuza on templates generation idea cons.

Search Result Interfaces
@kokoc

  • what is the reason to provide empty implementations?

Approved PR. Need to create separate issue to introduce code generation for these classes.

Add module manager to the Magento Framework API
@navarr

  • need to enable/disable some functionality depending on whether particular module exists.
  • hard to manage modules if we have hard dependencies

@antonkril

  • trying to get away from soft dependencies, because they are hard to manage. Move towards hard dependencies.
  • need to understand trade-off of having soft dependencies
  • for now it's ok to introduce this interface

@melnikovi

  • remove @api annotation in 2.3-develop branch and introduce in 2.4-develop

Ok to introduce this interface. Remove @api annotation in 2.3-develop branch and introduce in 2.4-develop.

Webhooks
@antonkril

  • why not rely on queues?
  • use cases can be achieved with using message queue.

@kokoc

  • with webhooks we have fewer messages

Review proposal offline.

Introduce MessageFormatter
Make sure we run performance tests on PR, send PR to PO. Looks good.

Cron proposal
@antonkril

  • need to consider distributed scenarios
  • some tasks shouldn't be run by cron and be part of background processing
  • evolve document, define desired state, then create community project
  • @kandy and @buskamuza will participate from architecture side
