survival / donation-system-webapp
:computer: :iphone: :desktop_computer: Web UI for Survival's donation system
Home Page: https://donation-system-production.herokuapp.com/
License: MIT License
See our contributing guides.
Sinatra comes with some protection out of the box, but still there are some extra things we can do:
- Input validation:
- Input sanitization:
- Output escaping: the ERB::Util method html_escape (aliased as the shorter h) on the params received from the form before sending them to Stripe/Salesforce/etc. See: http://ruby-doc.org/stdlib-1.9.3/libdoc/erb/rdoc/ERB/Util.html#method-c-h. Not too sure about this though, it's meant to be used more when spitting data to a view.
- Setting up CSP:

    get '/foo' do
      # keyword sources such as 'none' must be single-quoted inside the header value
      headers['Content-Security-Policy'] = "script-src 'none'"
    end

  Or via a meta tag in the page head:

    <meta http-equiv="Content-Security-Policy" content="script-src 'none'">

- Using HttpOnly cookies:
- Some useful guides:
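As an added example (not code from this repository), stdlib-only helpers that a Sinatra route could call to cover the checklist above: a CSP header with correctly quoted keyword sources, HttpOnly/Secure session cookie options, allow-list validation of the form params, and html_escape applied at output time. The Stripe.js host and the field names are assumptions.

```ruby
require 'erb'

# Content-Security-Policy for the donation page. Keyword sources ('self', 'none')
# keep their single quotes inside the header value: a bare "script-src none" names
# a host called "none" and blocks nothing. The Stripe.js host is an assumption.
CSP_POLICY = {
  'default-src' => ["'self'"],
  'script-src'  => ["'self'", 'https://js.stripe.com'],
  'frame-src'   => ['https://js.stripe.com'],
  'object-src'  => ["'none'"],
  'base-uri'    => ["'self'"]
}.freeze

def csp_header(policy = CSP_POLICY)
  policy.map { |directive, sources| "#{directive} #{sources.join(' ')}" }.join('; ')
end

# Options for Rack::Session::Cookie (what Sinatra's `enable :sessions` uses): HttpOnly
# keeps the cookie out of document.cookie, Secure keeps it off plain HTTP, SameSite
# stops most cross-site requests from carrying it.
SESSION_COOKIE_OPTIONS = {
  httponly: true, secure: true, same_site: :lax, expire_after: 30 * 60
}.freeze

# Input validation: allow-list the fields, require presence, check the shape. Values are
# returned unescaped; HTML-escaping belongs at output, not before data goes to Stripe.
ALLOWED_FIELDS = %w[given_name family_name email amount].freeze

def validate_donation(params)
  errors = []
  clean  = {}
  ALLOWED_FIELDS.each do |field|
    value = params[field].to_s.strip
    errors << "#{field} is required" if value.empty?
    clean[field] = value
  end
  errors << 'email is malformed' unless clean['email'].match?(/\A[^@\s]+@[^@\s]+\.[^@\s]+\z/)
  errors << 'amount must be a positive integer' unless clean['amount'].match?(/\A[1-9]\d*\z/)
  [clean, errors]
end

# Output escaping: ERB::Util.html_escape (Sinatra's h) applied only when the supporter's
# data is rendered back into HTML, so "<script>" in a name is inert.
def h(text)
  ERB::Util.html_escape(text)
end

def confirmation_html(clean)
  "<p>Thank you, #{h(clean['given_name'])} #{h(clean['family_name'])}. " \
    "A receipt for £#{h(clean['amount'])} has been sent to #{h(clean['email'])}.</p>"
end
```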
Ask if it is OK to submit a form with neither of the gift-aid checkboxes checked.
If not, can we enable a default, e.g. always yes?
It would be nice to have a new account for GA now that we are going to do a rewrite.
This is so that new data is not mixed with old data.
Also, the goals etc. are probably going to be different.
I have created a test GA account with our main account. We can use that and this repo to tune the configuration.
Script will fail if required utilities such as npm and wget are not present on the system.
Presently, the script will carry on with the rest of the commands but it should halt if any of the previous commands fail.
(update by @octopusinvitro)
Update the README section "To initialise the project" right after the title to indicate that wget, npm and ruby need to be installed to use the application. Provide helpful links, for example:
- wget: mac | ubuntu
- npm: node version manager | node and npm
- ruby: rbenv manager
Discussion open on incorporating Elm or not:
I don't think we should incorporate the new shiny technology just because it's shiny, but because it will solve a problem for us.
This should check that the form can't be submitted if required fields are not filled in.
Just to be clear, there is no need to use javascript for this as the browser is equipped with validation logic. This is achieved by adding a required attribute to the field.
There might be other validations that we want to do apart from presence. For example, max="999" in the security code field. Hence this ticket to tackle the problem separately.
Add autoprefixer so that vendor prefixes are added where needed.
At the moment, the select element for the credit card expiry year in the donation form is hardcoded to show 18 years in advance from the current year. This has to be calculated automatically. We want to do it in the backend.
Look into more human friendly solutions as the 'I am not a robot' thing has confused supporters in the past.
If we can't find one, maybe we will need to implement something simple that generates an image and compares the number
This is a business requirement because the supporter team wants to be able to separate them so that they can use "Dear blah" in Mailchimp templates.
For the id and name of the input, check names under autocomplete for given name and family name: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/Input
Should the deploy logic be extracted out of the webapp or does it make sense to have it live here?
It's a very specific deploy workflow, adapted to this specific webapp in particular.
Ruby 2.5 is out: https://www.ruby-lang.org/en/news/2017/12/25/ruby-2-5-0-released/
Our current Ruby version is 2.4.1. Switch the Ruby version to 2.5.0:
- bundler gem for that version: gem install bundler.
- bundle install and check that the tests and the app work correctly.
- bundle update GEMNAME.
- .travis.yml file.
I think it could make sense to try and serve a basic page when users are not connected to the internet, something that informs you that you can not do a donation at the moment but you can try again once you have internet back.
Discussion open on what to present the user with. Maybe the content of that page is more of a UX person decision, but it doesn't hurt to start thinking about it ourselves.