May 29, 2019 #165

Closed
buskamuza opened this issue May 21, 2019 · 7 comments

@buskamuza
Contributor

commented May 21, 2019

Please add your topic as a comment to the issue. Use the following format:
Topic description and link to PR, if any (duration in min)

No recording due to technical difficulties.

@kalpmehta

commented May 22, 2019

From Imagine Dev Exchange:
Implicitly escape HTML/JS code to prevent XSS vulnerabilities (15 min)

https://twitter.com/kalpmehta/status/1129121495760789504

@sivaschenko

Contributor

commented May 23, 2019

Search Result Interfaces magento/magento2#20181 (15min)

@sivaschenko

Contributor

commented May 23, 2019

Add a module manager to the Magento Framework API magento/magento2#18748 (15min)

@kokoc

Member

commented May 24, 2019

Webhooks #169 (20 min)

@navarr

Member

commented May 28, 2019

Introduce MessageFormatter syntax and new rules for Phrases #170 (15 min)

@knowj

commented May 29, 2019

Cron proposal #171 (15min)

@melnikovi

Member

commented May 29, 2019

Escaping HTML/JavaScript
@kalpmehta

  • escape getParams, getRequest
  • don't allow saving HTML where you shouldn't have HTML

@AlexMaxHorkun

  • the best practice is to do escaping on output

@knowj

  • should we have better input validation?
  • content security policy?

@kokoc

  • CSP is in backlog for 2.4

CSP is in backlog for 2.4. Need to create a proposal for implicit output escaping. @melnikovi to sync with @maghamed on the Imagine discussion and with @buskamuza on templates generation idea cons.

Search Result Interfaces
@kokoc

  • what is the reason to provide empty implementations?

Approved PR. Need to create a separate issue to introduce code generation for these classes.

Add module manager to the Magento Framework API
@navarr

  • need to enable/disable some functionality depending on whether a particular module exists.
  • hard to manage modules if we have hard dependencies

@antonkril

  • trying to get away from soft dependencies, because they are hard to manage. Move towards hard dependencies.
  • need to understand the trade-off of having soft dependencies
  • for now it's ok to introduce this interface

@melnikovi

  • remove @api annotation in 2.3-develop branch and introduce in 2.4-develop

Ok to introduce this interface. Remove @api annotation in 2.3-develop branch and introduce in 2.4-develop.

Webhooks
@antonkril

  • why not rely on queues?
  • use cases can be achieved using the message queue.

@kokoc

  • with webhooks we have fewer messages

Review proposal offline.

Introduce MessageFormatter
Make sure we run performance tests on PR, send PR to PO. Looks good.

Cron proposal
@antonkril

  • need to consider distributed scenarios
  • some tasks shouldn't be run by cron and be part of background processing
  • evolve document, define desired state, then create community project
  • @kandy and @buskamuza will participate from architecture side