314
edits
Litmus:DevelopersNotes: Difference between revisions
Jump to navigation
Jump to search
no edit summary
Zachlipton (talk | contribs) No edit summary |
Zachlipton (talk | contribs) No edit summary |
||
| Line 16: | Line 16: | ||
One important note: to prevent cross-site scripting attacks, it's important that any information coming from the database be "filtered," such that any HTML tags are properly escaped. To do this, just use the FILTER command when mentioning a template variable. In other words, the example above should really be written as <code>[% test.testid FILTER html %]</code>. Other filters exist for more specialized situations, such as "js" and "testdata" (which allows only a specific list of html tags that are allowed to appear in testcases). When in doubt, filter it. | One important note: to prevent cross-site scripting attacks, it's important that any information coming from the database be "filtered," such that any HTML tags are properly escaped. To do this, just use the FILTER command when mentioning a template variable. In other words, the example above should really be written as <code>[% test.testid FILTER html %]</code>. Other filters exist for more specialized situations, such as "js" and "testdata" (which allows only a specific list of html tags that are allowed to appear in testcases). When in doubt, filter it. | ||
== Formats == | |||
Testcases are rather difficult documents to store in databases; the sorts of fields that apply to a manual functional test (e.g. steps and expected results) don't really apply to an automated XUL test where fields like XUL and JavaScript would be more appropriate. Furthermore, the display of tests can depend on the format; a manual testcase should provide a listing of steps, while a topsite testcase should provide only a hyperlink, and a fully automated test should just provide a link to run the test. As such, Litmus provides the format mechanism, which allows for arbitrary storage and formatting of test data. | Testcases are rather difficult documents to store in databases; the sorts of fields that apply to a manual functional test (e.g. steps and expected results) don't really apply to an automated XUL test where fields like XUL and JavaScript would be more appropriate. Furthermore, the display of tests can depend on the format; a manual testcase should provide a listing of steps, while a topsite testcase should provide only a hyperlink, and a fully automated test should just provide a link to run the test. As such, Litmus provides the format mechanism, which allows for arbitrary storage and formatting of test data. | ||
| Line 27: | Line 27: | ||
Note that the format API is still under development as Litmus evolves. | Note that the format API is still under development as Litmus evolves. | ||
== Where to find stuff == | |||
Most of the files in the Litmus codebase are fairly self-explanatory. Here's a short guide to where things are kept. | Most of the files in the Litmus codebase are fairly self-explanatory. Here's a short guide to where things are kept. | ||