aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Duncan <pabs@pablotron.org>2022-02-24 15:29:40 -0500
committerPaul Duncan <pabs@pablotron.org>2022-02-24 15:29:40 -0500
commit15208cf7a4f440a6fc2e9960fa3d798b6d7190c1 (patch)
tree89ef827e59d43de032461fadb21ad32360c8272a
parent70bc9334aad8e2853204da02e5534cbdb6f44431 (diff)
downloadpablotron.org-15208cf7a4f440a6fc2e9960fa3d798b6d7190c1.tar.bz2
pablotron.org-15208cf7a4f440a6fc2e9960fa3d798b6d7190c1.zip
TODO.md: add ideas for improving golang coverage reports, and idea about post about cyclonedx vs spdx
-rw-r--r--TODO.md18
1 files changed, 18 insertions, 0 deletions
diff --git a/TODO.md b/TODO.md
index 39866ab..3266a93 100644
--- a/TODO.md
+++ b/TODO.md
@@ -117,6 +117,24 @@ this stuff may not make any sense.
- trigger `REFERENCING ... AS` (newer PG)
- `COMMENT ON` ...
- `LISTEN/NOTIFY`?
+* CSP-friendly golang coverage reports (see note from k3-notes.txt about
+ relaxing CSP for `pmdn.org/coverage/`)
+ - https://cs.opensource.google/go/go/+/master:src/cmd/cover/html.go
+ - "replace `style='display: none` with `.hide` (shrink html, improve
+ CSP handling)"
+ - "add sha256 hash for `<style>`"
+ - "add sha256 hash for `<script>`"
+ - "add `<meta http-equiv='content-security-policy' ...>`?"
+ - other:
+ - add `title` and maybe `aria-label` attributes to relevant elements
+ - add option to include external stylesheet?
+* compare and contrast cyclonedx vs spdx
+ - (at the moment i like cyclonedx more, it seems less ad-hoc)
+ - https://cyclonedx.org/docs/1.4/json/
+ - https://github.com/spdx/spdx-examples/blob/master/example3/spdx/example3-bin.spdx
+ - go parsers for both are available:
+ - https://github.com/spdx/tools-golang
+ - https://github.com/CycloneDX/cyclonedx-go
## done
* add project folders