Confirmed users
2,196
edits
QA/Execution/Web Testing/Project Checklist: Difference between revisions
QA/Execution/Web Testing/Project Checklist (view source)
Revision as of 01:54, 24 February 2012
, 24 February 2012→Security
(→Tools) |
|||
| (19 intermediate revisions by 3 users not shown) | |||
| Line 15: | Line 15: | ||
**Appropriate fallback in place and working? | **Appropriate fallback in place and working? | ||
***No Flash | ***No Flash | ||
***Firefox 3.6+ | |||
***Firefox 3.6 | |||
***IE 7/8/9 | ***IE 7/8/9 | ||
***Opera (latest) | ***Opera (latest) | ||
| Line 24: | Line 22: | ||
***Latest Firefox beta | ***Latest Firefox beta | ||
=General= | = General = | ||
*If this is an outsourced project, a test plan and the test cases that the consultants used to validate their work should be included in the hand-off process. | |||
*In URL paths, / and "" (without the trailing slash) both resolve to the same URI/resource | *In URL paths, / and "" (without the trailing slash) both resolve to the same URI/resource | ||
*HTML validates: http://html5.validator.nu/ | *HTML validates: http://html5.validator.nu/ or http://validator.w3.org/ | ||
**Exceptions can be made for social-network/sharing sites, that may have malformed tags | **Exceptions can be made for social-network/sharing sites, that may have malformed tags or markup | ||
*Is the robots.txt file configured correctly to prevent bots from spidering to nonsensical pages? ([https://bugzilla.mozilla.org/show_bug.cgi?id=665231 example])<br> | |||
=RSS Feeds= | =RSS Feeds= | ||
| Line 41: | Line 41: | ||
=Social media= | =Social media= | ||
* Facebook | * Facebook | ||
**Private or public? If private | **Private or public? If private: sandboxed, or test accounts? | ||
**Test with "Secure browsing (https)" on https://www.facebook.com/editaccount.php?ref=mb&drop enabled and disabled | **Test with "Secure browsing (https)" (on https://www.facebook.com/editaccount.php?ref=mb&drop) enabled and disabled | ||
* Twitter | * Twitter | ||
* Enable "HTTPS Only | Always use HTTPS" | ** Enable "HTTPS Only | Always use HTTPS" (https://twitter.com/settings/account) | ||
** Length of pre-populated tweets in en-US and other locales (l10n) | ** Length of pre-populated tweets in en-US and other locales (l10n) | ||
** Unescaped vs. escaped characters (string literals) | ** Unescaped vs. escaped characters (string literals) | ||
| Line 55: | Line 55: | ||
*Doesn't tank on [http://developer.yahoo.com/yslow/ YSlow!] (Strive for an A with ruleset v2) | *Doesn't tank on [http://developer.yahoo.com/yslow/ YSlow!] (Strive for an A with ruleset v2) | ||
**CDN is hooked up, if needed (static images, CSS, JS, videos) -- see "Site Config" section, too, below | **CDN is hooked up, if needed (static images, CSS, JS, videos) -- see "Site Config" section, too, below | ||
*Load-tested, if needed? | *'''Load-tested, if needed? Make sure to bring this up''' | ||
=Accessibility= | =Accessibility= | ||
| Line 62: | Line 62: | ||
=JavaScript-disabled= | =JavaScript-disabled= | ||
*Does the site support JavaScript disabled? If so, where? | *Does the site support JavaScript disabled? If so, where? | ||
**What's the user messaging? | |||
=Security= | =Security= | ||
* | * Complete the following (taken from [[WebAppSec/Secure_Coding_QA_Checklist]]) | ||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Input Validation For User Controlled Data|Test: Input Validation For User Controlled Data]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: SQL Injection|Test: SQL Injection]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Output Encoding For User Controlled Data|Test: Output Encoding For User Controlled Data]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: CSRF|Test: CSRF]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Account Lockout -- INACTIVE|Test: Account Lockout -- INACTIVE]] | |||
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: X-Frame-Options|Test: X-Frame-Options]] | |||
*Runs on both HTTP / HTTPS? Mixed-content warnings? Cert set up? | *Runs on both HTTP / HTTPS? Mixed-content warnings? Cert set up? | ||
**Should HTTP requests get automatically redirected to HTTPS, by default? | **Should HTTP requests get automatically redirected to HTTPS, by default? | ||
| Line 78: | Line 85: | ||
#Listed on https://wiki.mozilla.org/QA/Execution/Web_Testing#Current_Projects | #Listed on https://wiki.mozilla.org/QA/Execution/Web_Testing#Current_Projects | ||
#Regular status meetings | #Regular status meetings | ||
# IRC channel? | |||
#If needed, a tracking bug with dependencies set for other groups' work (IT, Webdev, Marketing, etc.) | #If needed, a tracking bug with dependencies set for other groups' work (IT, Webdev, Marketing, etc.) | ||
#Make sure to schedule a brief meeting where all parties (Marketing/Webdev/QA) are present and discuss the open issues, and any last-minute (but necessary) changes | #Make sure to schedule a brief meeting where all parties (Marketing/Webdev/QA) are present and discuss the open issues, and any last-minute (but necessary) changes | ||
#Ask for PRDs, user-flow diagrams, testing notes | |||
#Are the third-party developers cc:d on all relevant bugs? If possible (i.e. not "mozilla-confidential" flagged), have them follow the Bugzilla component (and make sure they have accounts). | #Are the third-party developers cc:d on all relevant bugs? If possible (i.e. not "mozilla-confidential" flagged), have them follow the Bugzilla component (and make sure they have accounts). | ||
#Has a push bug, and a release checklist, even if you don't think they need it (they do) | #Has a push bug, and a release checklist, even if you don't think they need it (they do) | ||
== Optimal Bugzilla Workflow == | |||
Each project can be different, but please use this flow if starting a new project: | |||
* A bug is filed in the correct product/component | |||
* Bug is triaged for severity, priority and assigned to a target milestone | |||
* Bug is fixed in work based on next target milestone release | |||
** Dev puts bug# in git comment | |||
** Dev puts commit url in bugzilla comment | |||
* Dev marks bug RESOLVED:FIXED | |||
* Tester verifies bug on stage, bug marked RESOLVED:VERIFIED | |||
* Code is deployed to production | |||
* Tester verifies bug | |||
* Tester verifies deployment/push/server-ops bug | |||
Devs may fix bugs before triage, they should update Target Milestone to the next release. | |||
Whiteboard may be used for various reasons: | |||
* [good first bug] - Communicates a contributor opportunity | |||
=Site Config= | =Site Config= | ||
*Make sure you get Django-traceback emails | *Make sure you get Django-traceback emails, on both prod and trunk/staging | ||
*Any vanity domains? Registered/set up, and working? | *Any vanity domains? Registered/set up, and working? | ||
*Has a favicon? That works in IE, too? | *Has a favicon? That works in IE, too? | ||