According to @beaufortfrancois, we should no longer be using protocol-
relative URIs. He quotes this passage from Paul Irish:
> Now that SSL is encouraged for everyone and doesn’t have performance
> concerns, this technique is now an anti-pattern. If the asset you
> need is available on SSL, then always use the https:// asset.
> Allowing the snippet to request over HTTP opens the door for attacks
> like the recent Github Man-on-the-side attack. It’s always safe to
> request HTTPS assets even if your site is on HTTP, however the
> reverse is not true.
Source: https://www.paulirish.com/2010/the-protocol-relative-url/
This change was begun with the following command:
git grep -l "'//" | xargs sed -i "s@'//@'https://@g"
Some changes made by that command were false-positives, which I then
reverted manually. Others required additional cleanup to meet style
rules.
I've also just discovered that the "max-len" rule in eslint's Google
style config exempts URIs, so there's no need to disable the max-len
rule on URIs in the assets list. These have been removed in the asset
list where unnecessary.
Finally, testing these updated URIs led to the discovery that two of
our third-party demo assets are no longer available. One URI needed
to be updated. The other had no obvious replacement, so it was
removed.
Closes#1390
Change-Id: I2fe23faec04f1904c1741236b364d5089900092a
Also adds:
- Missing details on a deprecated config field in the v2.2 => v2.3
upgrade guide & changelog
- Missing details about new language/role APIs in the v2.2 => v2.3
upgrade guide
Closes#1183
Change-Id: I57e8bf4e56ffb1d741b691cdeaeb22e435c26e41
Also changes the jsdoc template for tutorials with children, to give
the tutorial content itself control over how the links to children are
formatted.
Also fixes annotations for the TextParser interface.
Change-Id: I99502f38bf711b74a596ad804d8abdddee5d6f4d
Joey Parrish
Darío Hereñú
Sandra Lokshina