Quality Assistance
• Help devs to deliver value to customers
• Testing and testing advice
• Bug prevention
Setting the Quality Bar
• Tradeoff between time, scope and quality
• Mismatched quality expectations - unhappy customers
Happy Path Fallacy
• “We’ll only worry about the happy path, for now”
• Only test the actions a normal, reasonable user would perform.
Happy Path Fallacy
• Quality bar defines what you fix, not what you test.
• OK not to support everything.
• Set customer expectations!
Valid Scenarios
• Sample Plugin
• Purpose-built but not contrived
• Completely unrelated to similar plugins on PAC!
• Only a short list, more detail on CAC
Valid Scenarios
• Different browsers
• Layout issues
• Broken functionality
• Behaviour in unsupported browsers
User experience
• Guide users towards the actions they should do.
• Avoid empty boxes - use appropriate controls.
• Help them to avoid mistakes.
• Reading documentation should not be required.
Administration experience
• Clear flow for configuration
• Provide helpful error information
• Don’t show stack traces
• Use logging sparingly
Manual and Automated Testing
• Manual testing
  • Fast, effective, broad.
  • Only tests the current state.
• Automated testing
  • Scalable, sustainable.
  • Takes time, limited assertions.
Automated Testing
• Good for long-term regression tests
• Optimise for:
  • Scenarios most likely to break
  • Integration with code out of your control
• Use page objects for UI tests for maintainability
Version Numbering
• Versions are constant
• A version number refers to one state of the code only.
• Never re-release a plugin with the same version number.
How plugins break apps
• XSS
  • Inserting user-supplied data into HTML without HTML-encoding it.
  • Allows an attacker to gain control of the victim’s browser.
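Added example, not from the original slides: the XSS bullet above shown as a "before" render function that concatenates user-supplied data into HTML and an "after" version that HTML-encodes it at the point of output. The function names and the sample comment data are hypothetical and constructed for illustration.

```javascript
// Added example; escapeHtml, renderCommentUnsafe and renderCommentSafe are
// hypothetical names, not part of any plugin API.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
};

// Encode the five characters that can change HTML structure or close a
// quoted attribute. This covers element content and quoted attribute values
// only; data placed inside <script>, URLs or CSS needs context-specific encoding.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: user-supplied values go straight into the markup.
function renderCommentUnsafe(author, body) {
  return '<div class="comment" title="' + author + '">' + body + '</div>';
}

// After: every user-supplied value is encoded where it is written out.
function renderCommentSafe(author, body) {
  return '<div class="comment" title="' + escapeHtml(author) + '">' +
    escapeHtml(body) + '</div>';
}

// Constructed sample input: a name with quotes and a body containing markup.
const sampleAuthor = 'Ann "QA" O\'Neil';
const sampleBody = '<b>bold</b> & <script>alert(1)</script>';

// The unsafe output still contains live tags and an unbalanced attribute;
// the safe output contains only inert text.
const unsafeHtml = renderCommentUnsafe(sampleAuthor, sampleBody);
const safeHtml = renderCommentSafe(sampleAuthor, sampleBody);
console.log(unsafeHtml);
console.log(safeHtml);
```

A regression test for a plugin can assert that output rendered from input like the sample above contains no raw `<` from user data.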
How plugins break apps
• Insufficient permission checking
  • Exposing data to anonymous users
  • Not respecting permission schemes
How plugins break apps
• Lack of CSS scoping
  • Scope every item in the plugin CSS
  • Avoid overriding built-in styles
• Lack of JavaScript scoping
    (function () {
        // code goes here
    })();