Style expectations when writing code for Marketing as well as code review process.
Google Engineers adhere to rather strict rules about code style. To the best we can,Marketing tries to adhere to the same standards set company wide.
Linters inform you if your code is following at least some of the Google style expectations. It is expected that you would fix all lint errors before beginning the code review process.
Sublime and Webstorm support linting right in the editor so you may want to install one of these plugins.
First install the Closure linter itself.
closure-linter-config.txtfile somewhere in your home directory with the Closure linter configuration:
--strict --jsdoc --summary --beep
Go to Webstorm > Preferences and search for Closure Linter.
Choose enable and provide the path of the closure linter. On mac, this might be something like:
Provide the path to the
closure-linter-config.txtfile you created.
There is a command line linter utility available. Download and run gjslint on the command line.
gjslint --check_html --strict --jslint_error=all --closurized_namespaces=goog,jfk,xxx,yyy -r path/to/files
You can also auto fix these errors with fixjsstyle (with the same flags).
If you do not have Javscript readability, your cl will require approval by someone with readability. This is enforced if you're submitting code to google3. However, code submitted to git on borg does not have these automated processes.
The primary focus of a readability review is to check for adherence to our style guides. However, it may also include comments around design, scalability, localization, and performance.
For larger code reviews, expect your review to take a few weeks.
At the bare minimum, it's expected that you would run an inquisition scan on your project prior to launch to catch low hanging security flaws such as outdated libraries and XSS attacks. Most projects do not require a formal security review beyond that.
Scenarios that might warrant a security review:
- deals with PII
- reads/manipulates query parameters
- retrieves data from an outside source or api and displays it on the page
Discuss with your TPM if a security review is appropriate and to determine next steps for beginning a review.