Confirmed users
2,196
edits
QA/Execution/Web Testing/Project Checklist: Difference between revisions
Jump to navigation
Jump to search
QA/Execution/Web Testing/Project Checklist (view source)
Revision as of 01:54, 24 February 2012
, 24 February 2012→Security
| (11 intermediate revisions by 3 users not shown) | |||
| Line 15: | Line 15: | ||
**Appropriate fallback in place and working? | **Appropriate fallback in place and working? | ||
***No Flash | ***No Flash | ||
***Firefox 3.6+ | |||
***Firefox 3.6 | |||
***IE 7/8/9 | ***IE 7/8/9 | ||
***Opera (latest) | ***Opera (latest) | ||
| Line 24: | Line 22: | ||
***Latest Firefox beta | ***Latest Firefox beta | ||
=General= | = General = | ||
*If this is an outsourced project, a test plan and the test cases that the consultants used to validate their work should be included in the hand-off process. | |||
*In URL paths, / and "" (without the trailing slash) both resolve to the same URI/resource | *In URL paths, / and "" (without the trailing slash) both resolve to the same URI/resource | ||
*HTML validates: http://html5.validator.nu/ | *HTML validates: http://html5.validator.nu/ or http://validator.w3.org/ | ||
**Exceptions can be made for social-network/sharing sites, that may have malformed tags or markup | **Exceptions can be made for social-network/sharing sites, that may have malformed tags or markup | ||
*Is the robots.txt file configured correctly to prevent bots from spidering to nonsensical pages? ([https://bugzilla.mozilla.org/show_bug.cgi?id=665231 example])<br> | |||
=RSS Feeds= | =RSS Feeds= | ||
| Line 55: | Line 55: | ||
*Doesn't tank on [http://developer.yahoo.com/yslow/ YSlow!] (Strive for an A with ruleset v2) | *Doesn't tank on [http://developer.yahoo.com/yslow/ YSlow!] (Strive for an A with ruleset v2) | ||
**CDN is hooked up, if needed (static images, CSS, JS, videos) -- see "Site Config" section, too, below | **CDN is hooked up, if needed (static images, CSS, JS, videos) -- see "Site Config" section, too, below | ||
*Load-tested, if needed? | *'''Load-tested, if needed? Make sure to bring this up''' | ||
=Accessibility= | =Accessibility= | ||
| Line 62: | Line 62: | ||
=JavaScript-disabled= | =JavaScript-disabled= | ||
*Does the site support JavaScript disabled? If so, where? | *Does the site support JavaScript disabled? If so, where? | ||
**What's the user messaging? | |||
=Security= | =Security= | ||
* | * Complete the following (taken from [[WebAppSec/Secure_Coding_QA_Checklist]]) | ||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Input Validation For User Controlled Data|Test: Input Validation For User Controlled Data]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: SQL Injection|Test: SQL Injection]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Output Encoding For User Controlled Data|Test: Output Encoding For User Controlled Data]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: CSRF|Test: CSRF]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Account Lockout -- INACTIVE|Test: Account Lockout -- INACTIVE]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: X-Frame-Options|Test: X-Frame-Options]] | |||
*Runs on both HTTP / HTTPS? Mixed-content warnings? Cert set up? | *Runs on both HTTP / HTTPS? Mixed-content warnings? Cert set up? | ||
**Should HTTP requests get automatically redirected to HTTPS, by default? | **Should HTTP requests get automatically redirected to HTTPS, by default? | ||
| Line 78: | Line 85: | ||
#Listed on https://wiki.mozilla.org/QA/Execution/Web_Testing#Current_Projects | #Listed on https://wiki.mozilla.org/QA/Execution/Web_Testing#Current_Projects | ||
#Regular status meetings | #Regular status meetings | ||
# IRC channel? | |||
#If needed, a tracking bug with dependencies set for other groups' work (IT, Webdev, Marketing, etc.) | #If needed, a tracking bug with dependencies set for other groups' work (IT, Webdev, Marketing, etc.) | ||
#Make sure to schedule a brief meeting where all parties (Marketing/Webdev/QA) are present and discuss the open issues, and any last-minute (but necessary) changes | #Make sure to schedule a brief meeting where all parties (Marketing/Webdev/QA) are present and discuss the open issues, and any last-minute (but necessary) changes | ||
#Ask for PRDs, user-flow diagrams, testing notes | |||
#Are the third-party developers cc:d on all relevant bugs? If possible (i.e. not "mozilla-confidential" flagged), have them follow the Bugzilla component (and make sure they have accounts). | #Are the third-party developers cc:d on all relevant bugs? If possible (i.e. not "mozilla-confidential" flagged), have them follow the Bugzilla component (and make sure they have accounts). | ||
#Has a push bug, and a release checklist, even if you don't think they need it (they do) | #Has a push bug, and a release checklist, even if you don't think they need it (they do) | ||
| Line 89: | Line 98: | ||
* Bug is triaged for severity, priority and assigned to a target milestone | * Bug is triaged for severity, priority and assigned to a target milestone | ||
* Bug is fixed in work based on next target milestone release | * Bug is fixed in work based on next target milestone release | ||
** Dev puts bug# in git comment | |||
** Dev puts commit url in bugzilla comment | |||
* Dev marks bug RESOLVED:FIXED | * Dev marks bug RESOLVED:FIXED | ||
* Tester verifies bug on stage, bug marked RESOLVED:VERIFIED | * Tester verifies bug on stage, bug marked RESOLVED:VERIFIED | ||
* Code is deployed to production | * Code is deployed to production | ||
* Tester verifies bug | * Tester verifies bug | ||
* Tester verifies deployment | * Tester verifies deployment/push/server-ops bug | ||
Devs may fix bugs before triage, they should update Target Milestone to the next release. | Devs may fix bugs before triage, they should update Target Milestone to the next release. | ||
| Line 101: | Line 112: | ||
=Site Config= | =Site Config= | ||
*Make sure you get Django-traceback emails | *Make sure you get Django-traceback emails, on both prod and trunk/staging | ||
*Any vanity domains? Registered/set up, and working? | *Any vanity domains? Registered/set up, and working? | ||
*Has a favicon? That works in IE, too? | *Has a favicon? That works in IE, too? | ||