Closed itscooper closed 4 years ago
Items to fix:
/
terminating lines need to be removed and appropriate fixed up for markdown (it's likely a spot that requires a double line-feed prior to an image or other element).'
they should just be restored.\$
should become $
@
should become @
images/image.ext
. (Images in a folder along side the relevant content. [Even if that means duplicates in the overall project.])[[1]]
Footer ref: [1]: http://example.org
(Also note with this style the footnote doesn't actually display in the web rendered markdown, so there's no need for a "References" heading that would endup blank.)Note: If you need examples of the above items, the latest versions of chapters 1, 2, and soon 3 should have it.
I've been trying to come up with a non-HTML way to handle foot notes. Anyone got any ideas?
Initially I had hoped to use something like this for the superscript part https://gist.github.com/molomby/9bc092e4a125f529ae362de7e46e8176 but that didn't pan out.
I then learned that some markdown supports ^
for superscript, but that doesn't seem applicable to GFM.
(Note for both of the above there's a small chance I did something wrong, I'll admit I was rushing.)
My current suggestion would be to use ¹
type entity codes for the super script and then level 6 headings at the end of the document to provide the in page anchors. So for example, in content: [¹](#foot1)
at the end of the doc:
###### foot1
Some footnote goes here
(Obviously "foot1" could be something more descriptive.) Here's a working example: https://gist.github.com/kingthorin/b723c4549aa36bad8dbdda185fed1ae0
The downside to that is when we get into two digit footer identifiers, you have to use two entities. Not the end of the world but it starts to get messy.
I guess we could try to move away from footnotes to some sort of in-line note.
I'm open to thoughts/suggestions.
To see the type of content this would apply to check the current section 2: https://github.com/OWASP/OWASP-Testing-Guide-v5/blob/master/document/2%20Introduction/2%20Introduction.md
Re: footnotes, the other option is to just have a end/bottom of page section for references and link the section heading not the individual notes. (Could use ordered list(s), in order to maintain numeric associations.)
Why didn't this work: https://gist.github.com/molomby/9bc092e4a125f529ae362de7e46e8176
There is no easy solution. I would only use those in mathematical functions if need be. References should be done as such: Some text [2]
where is 2 is the number reference. No need to use superscript for this. In whitepapers it's done as such as well.
Footnotes can be switched with anything really, it's just a section title in here.
Why didn't this work: https://gist.github.com/molomby/9bc092e4a125f529ae362de7e46e8176
They wouldn't display for me (could be a Firefox issue, but if it's an issue in one major browser then it essentially doesn't work IMHO).
You don't think this looks a little [weird][2]?
Or like this [[3]]?
[2]:http://example.com
[3]:http://example.org
Without the footnote or ref number actually being visible (2):
You don't think this looks a little weird? Or like this [3]?
I guess 3 isn't so bad???? Though they still aren't displayed (on github anyway), I guess if we republished elsewhere that would be fine (or manageable).
I am talking about the 3
example, guess you already got it π Yeah that's another discussion about re-publishing, even though I believe that convention is widely used in whitepapers and not in books.
Ok, I'm good with us settling on that. I'll tweak my post above and do a PR for sections 1, 2, 3, and the start of 4 later this weekend.
Thanks @ThunderSon
Hello all, I'd like to try some of the cleanup of the links / images in section 4 in general. Is there any work currently being done for link cleanup in section 4? (just so I don't conflict with an equivalent effort) Thanks!
I donβt have anything on the go aside from existing PRs, and no further short terms plans.
Thanks for the note. I've started clicking through with the sole purpose of looking for links and images broken due to conversion specifically. Section 4.1 looks OK, and I'm starting to list out the issues in section 4.2.
I'll get something together for the minor fixes over the next 3 days. (Again, specifically with the scope of section 4 links broken from conversion. We fling the words "out of scope" so often at my work that it's baked in to how I work now...)
@patrickceg Some 4.10 tweaks are queued up here: https://github.com/OWASP/OWASP-Testing-Guide-v5/pull/57 some 4.2 footnote changes are in-flight here: https://github.com/OWASP/OWASP-Testing-Guide-v5/pull/59/ Older 4.1 and 4.2 tweaks: https://github.com/OWASP/OWASP-Testing-Guide-v5/pull/41 Otherwise there's plenty of subsections of chapter 4 that need attention.
I had originally suggested images be at the top of the chapter, but now I think it's best to have an images directory at the same level as the content. (Thoughts? Ex: document/4 Web Application Security Testing/4.10 Testing for weak Cryptography/images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif
vs document/4 Web Application Security Testing/images/SSL_Certificate_Validity_Testing_Firefox_Warning.gif
)
@kingthorin On lumping in a folder structure change: I'm not sure if it happens much in group document projects, but with a codebase, if you lump a whole lot of different modifications together, you get giant pull requests no one wants to look at. Even if they do look, they're looking for so many things at once that the quality of the review goes down. This issue #10 only talks about making the links and images work again, and I'm not comfortable going down the rabbit hole of flipping the conventions at the same time, without at least redefining this issue.
I haven't skimmed enough of the guide as it is to decide. Here's some considerations:
EDIT: Until that decision is made, I'll therefore make the repairs to section 4 except for sections 4.10, 4.1, 4.2, and whatever has a different open pull request with comments on the time I start. (If it's a pull request that looks like it's about to merge and doesn't have major ccomments, I'll resolve the merge conflict on my own branch.)
@patrickceg all good points.
We want to remain consistent, so those kinds of instructions (where to put images, etc) should go in the contribution guide.
Exactly, hence I was trying to have us come up with the choice. As things currently sit there are no images aside from the few I'd already fixed. Luckily those done so far were in early chapters where there aren't subsections so it hasn't been relevant. The PR for 4.10 establishes a subsection images directory so I guess in the absence of a decision I'll make it for the project until there's some debate or descenting opinion. (Images in a folder along side the relevant content. [Even if that means duplicates in the overall project.])
What do you think about breaking down this issue. Let's make this a milestone/project, and start assigning issues to it. This is just way too unorganized, and as such, the above discussion erupted. I believe you agreed that no file structure changes should be done, and I agree to that.
@kingthorin I believe we need to prioritize our points. Let's move this to slack π
Itβs not a change itβs a decision about how itβs going to be, because right now the images donβt exist or have a home at all.
Currently there is an images folder in the top layer folder of each chapter. There is a place for the images to exist ... I agree though it's mainly about taking the decision. I already sent my point of view on the channel.
Grin. They only exist where Iβve created them π /me wanders off to slack
I finished my analysis looking at all the stuff looking for conversion issues (brutally copied from the word processor I was working with)...
Issues β’ Table of contents page completely broken β’ 5 of the of the subsection summary pages have broken links β’ Links to references have no formatting standard: β 2 - has a academic style reference URLs [1], [2] β Section 4 bounces between links on their own, text + bare URL, link + text, referneces with no URL, etc β’ 0 Foreward - "Testing Guide" link - Probably doesn't have to point to itself β’ 1.2 "by-laws" - no need for it to link to Wikipedia (since the OWASP foundation by-laws are a link right underneath) β’ 1.2 "code of ethics" - looks a bit intimidating to have member revocation as the only link? β’ 1.2 "Submit an Inquiry" link points to a site that has no HTTPS β’ 1.2 "searching" link to OWASP Google custom search is broken β’ 2 - Link [9] does not have HTTPS, Link [13] http://cm.bell-labs.com/who/ken/trust.html doesn't resolve β’ 1, 2 - Lots of floating bold: should decide on headers β’ 3 - missing sections? β’ 4.3.1 - Has a different reference setup with no URLs
Recommendations
β’ Lots of sections link to each other, so we should do the file naming first
β’ For any fix-ups, keep an eye out for:
β Stray backslashes \ - they're everywhere on converted pages
β Broken code blocks and lists
β Weird formatting for headers (completely broken headers, bold or other items that are not headers)
β’ Create convention for file and folders:
β [Section]-[Subject]-([OWASP reference code]).md?
β By reference code, I mean like (OTG-AUTHN-003)
β If there's multiple reference codes, it's probably better to use the most fitting one and place additional codes in the article text
β Spaces or underscores? (Markdown seems functional enough which spaces for links, so it's not useful to pretend that it's MS DOS and using dashes or underscores instead of spaces unless there is another constraint)
β’ Define what to do with links, and where to put them (in-line? references section? both)
β’ What to do for print references with no web sites
β’ We shouldn't have "wishy-washy" wording lik this in 4.3.1.
β "There are some GUI-based administration tools for Apache (like NetLoony) but they are not in widespread use yet."
β Instead, we should can have an "Emerging techniques" subsection for items that are not very well tested
β’ Keep the "Tools" and "References" section with well-defined boundaries
β "Tools" for something you download / buy and use (whether it's a test tool or a vulnerable service like Juice Shop to try your test against)
β "References" for further READING (standards, other Wikis, other guides / books / blogs)
β’ 4.5.10 - missing references?
β’ Section https://github.com/OWASP/OWASP-Testing-Guide-v5/blob/master/document/4%20Web%20Application%20Security%20Testing/4.7%20Session%20Management%20Testing/4.7.1%20Testing%20for%20Session%20Management%20Schema%20(OTG-SESS-001).md#related-security-activities has weird "related security activities" section that looks like it can be rolled into defences, remediation, or references
Template suggestion: β’ File name β’ Sections: a. Summary b. List of OWASP codes (e.g. OTG-AUTHN-003) c. Text body d. Defences e. Remediation f. Tools (URL links ot tools) g. References
@patrickceg Thank you for this!
_
separated. Having spaces will force the author to use URL encoding.[text](URI ref)
. Additional readings in the reference, as you mentioned.What's left is how to break what you mentioned into issues:
@kingthorin and @patrickceg I'll be awaiting your feedback. We can go deeper into this on Slack as it'd be better to cook this there.
Still anything pending anything in this issue?
It's getting close (96%). (Two tickets [including this one], one PR [which is underway and addresses the second ticket].)
This issue was a milestones of its own. This issue is the biggest massacre in GitHub's history.
Can we close this?
I've started to work on this. In some cases it's non-trivial.
Along with that we should probably: