TODO.md: add ideas for improving golang coverage reports, and idea about post about cyclonedx vs spdx

1 files changed, 18 insertions, 0 deletions

diff --git a/TODO.md b/TODO.md
index 39866ab..3266a93 100644
--- a/TODO.md
+++ b/TODO.md
@@ -117,6 +117,24 @@ this stuff may not make any sense.
   - trigger `REFERENCING ... AS` (newer PG)
   - `COMMENT ON` ...
   - `LISTEN/NOTIFY`?
+* CSP-friendly golang coverage reports (see note from k3-notes.txt about
+  relaxing CSP for `pmdn.org/coverage/`)
+  - https://cs.opensource.google/go/go/+/master:src/cmd/cover/html.go
+  - "replace `style='display: none` with `.hide` (shrink html, improve
+    CSP handling)"
+  - "add sha256 hash for `<style>`"
+  - "add sha256 hash for `<script>`"
+  - "add `<meta http-equiv='content-security-policy' ...>`?"
+  - other:
+    - add `title` and maybe `aria-label` attributes to relevant elements
+    - add option to include external stylesheet?
+* compare and contrast cyclonedx vs spdx
+  - (at the moment i like cyclonedx more, it seems less ad-hoc)
+  - https://cyclonedx.org/docs/1.4/json/
+  - https://github.com/spdx/spdx-examples/blob/master/example3/spdx/example3-bin.spdx
+  - go parsers for both are available:
+    - https://github.com/spdx/tools-golang
+    - https://github.com/CycloneDX/cyclonedx-go
 
 ## done
 * add project folders