Last night saw the popular EU Cookie Compliance module fall from grace, as the Drupal community discovered that numerous inputs in the admin form were not being sanitised. To me, this shows some serious failings in how our community is handling security awareness. Let's do some fixing :)

### 1) We need to make this OBVIOUS, with clear examples

One of the most important things when trying to get people to write secure code is...
The Problem

I imagine many of us have been there: there’s some CSS class in your markup, and you need to do something with it. Maybe you want to remove it, change it, or perhaps alter its style declarations. “Easy peasy,” you think, “I’m a developer. I got this.” And so you should. Next, if you’re anything like me, your first instinct is to fire up your search tool of choice and search your...
The code that runs http://api.drupal.org is of course Drupal, and it is essentially just scanning the code it's told to and displaying it in a nice format. You can quite easily set up your own API site that you can use to scan your own custom code, or if you're a module developer, your module's documentation (you do have documentation in the code, right?). I'm going to outline how we can use Drupal and Jenkins...