Excerpts from Marius Gedminas's message of Thu Dec 30 17:16:21 -0300 2010: > On Thu, Dec 30, 2010 at 04:24:05PM -0300, Mariano Mara wrote: > > Excerpts from Marius Gedminas's message of Thu Dec 30 15:55:33 -0300 2010: > > > On Thu, Dec 30, 2010 at 01:41:45AM -0500, Chris McDonough wrote: > > > > Is anyone interested in leading a task to give WebOb 100% test coverage? > > > > It's a fairly large task, inglorious, and boring, but straightforward > > > > and will help *lots* of people inside and outside the Pylons community. > > > > > > > > If so, please respond here. > > > > > > I wouldn't mind giving this a push, if time permits. > > (I meant writing tests, not coordinating the effort. I lack > time and leadership skills for the latter.)
I'm not in better shape than you but let me propose something to see if it's doable. > > > > The upstream repository is https://bitbucket.org/ianb/webob/. I suppose > > > we should submit patches via bitbucket pull requests? > > > > That's how I did it so I hope you're right. I already added tests for > > webob.html_escape and webob.datetime_utils and I'm working on > > webob.cookies right now [1]. > > > > Would you like to lead and distribute the workload? It would be great so > > we can prevent duplication of effort. > > That's a bit ironic: I spent about an hour writing tests for > html_escape, without noticing your email, resulting in duplicated > effort. > > See > > https://bitbucket.org/mgedmin/webob/changeset/367603e5138b > > compare with > > > https://bitbucket.org/mgedmin/webob/changeset/ed29414cd65b#chg-tests/html_escape.txt > > I like mine maybe a bit better -- it has descriptions, and, I think, > tests a few more cases. *shrug* > Since both Gael and you have already invested time with html_escape I would say we keep both versions. I guess having some duplicate tests wouldn't hurt. I deleted my version since your versions are far more complete. > My repository currently has two unmerged heads, and I'm uncertain what > to do about it. > > I like to suggest the following plan: so far Danny, Kyle, you and me volunteer. I would like to pull your last changes and merge them in my repo, run the tests and distribute the remaining untested lines of code in equal parts between the four of us (my less than superficial knowledge of webob prevents me from suggesting a more clever way to do it but if somebody have a better idea I will gladly accept it). I can subscribe to your repos, pull and merge changes in mine and run the tests with python 2.4 and up. Once we are all done, I can make a pull request from webob. Sounds reasonable? > Incidentally, one thing I noticed during this exercise was that > WebOb.html_escape("'") doesn't escape the '. This can be considered a > security issue, see http://www.cvedetails.com/cve/CVE-2010-2480/ Can we provide fixes too or the idea is to provide only the tests? Mariano -- You received this message because you are subscribed to the Google Groups "pylons-devel" group. To post to this group, send email to pylons-de...@googlegroups.com. To unsubscribe from this group, send email to pylons-devel+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-devel?hl=en.
