Any time you’re using potentially unsafe data, it never hurts to validate and sanitize it. Validating is confirming the data is what you expect it to be. Sanitization is a more liberal approach to cleaning your data.
Whenever you’re rendering data from the database, you’ll want to make sure it’s properly escaped. Escaping helps prevent issues like cross-site scripting.
I am currently a single point of failure for getting code from our GitHub repo to WordPress.com VIP SVN. As such, we (Fusion) are exploring a project to auto-deploy our GitHub repository to VIP SVN through post-CI middleware. But, before we dive into development, we want to make sure we’ve exhausted all lower-effort options. How does your […]
SRCCON was my favorite conference last year, and in the running for favorite conference of all time. I liked it so much I’ve submitted two proposals for this year. You should too! Submissions are open until April 10th. Continuous Integration for Content There’s lots of little attributes which define the “quality” of a piece of […]
How we use GitHub to release quality code at Fusion. Davis’ writeup is everything I’ve always wanted to communicate about my preferred feature branch workflow.
Maslow’s pyramid of code review. Great visual depiction of the layers of detail you can go into with your code review. Worth bookmarking, and reading again periodically.
Effective Technical Leadership. Rich with usable attributes and actions.
We did a second pass at our code review meetup — last night turned out much better than the first. The high point for me: most of the “presentation” was, in fact, discussion. The latter proved to be way more valuable for everyone, as most of the twenty people in the room don’t do code review […]
Advantages of pre-deploy code review, over post-deploy audit: Authors have a strong incentive to craft small, well-formed changes that will be readily understood, to explain them adequately, and to provide appropriate test plans, test coverage and context. Reviewers have a real opportunity to make significant suggestions about architecture or approach in review. These suggestions are […]
Open-sourcing the Code Comments Trac plugin. It’s GitHub, in your Trac. Go VIP!