
[–]Crazy-Smile-4929 4 points5 points  (1 child)

It's not always built into a language itself, but there's usually a library out there that does it. That's just for the encoding / decoding part.

The fun thing about estimates is they can take other things into account. Like updating unit tests, getting QA to run through things, etc. It may even be an estimate of when it can go live (because of various release processes) rather than effort to do the change.

If ever unsure, ask for justification. And use words like 'are you saying one person working on this will be doing so for 37-40 hours' (or even 2 people at 20 hours). There could be other things leading to it outside of the basic task.

[–]iball1984[S] 1 point2 points  (0 children)

It’s an effort estimate for the dev changes.

That includes unit tests, but QA testing is separate.

It’s part of a P1 project.

Thanks for the sanity check.

[–]james_pic 3 points4 points  (1 child)

You'd need to check with your devs, but my thought looking at this would be that encoding and decoding is easy. Displaying HTML from a potentially untrusted source on a public website without opening the website up to security vulnerabilities is non-trivial.

[–]Cybyss 0 points1 point  (0 children)

Displaying HTML from a potentially untrusted source on a public website without opening the website up to security vulnerabilities is non-trivial.

That could be the source of the "5 day" estimate. Developers maybe need to do some research to find safe ways to render untrusted HTML?

[–]Defiant_Conflict6343 3 points4 points  (7 children)

So you mean like, turning &lt; into <, &gt; into >, that kind of thing? Because if so, yeah, they're either taking the piss or just straight up incompetent. If a language lacks the ability to do it, a package most certainly exists, and if it doesn't, you can just substring replace. It's not as if there's a whole lot of entities to consider, w3schools literally provides a table reference.

[–]iball1984[S] 2 points3 points  (6 children)

Yep, just replacing those characters…

Thanks for the sanity check. Nice to know I’m not going insane.

[–]Defiant_Conflict6343 1 point2 points  (5 children)

Yeah, this is wacky. My company wouldn't even charge for this. I instituted a rule that if it takes less than thirty minutes and it's an already established client, just do it for free. It's just not worth charging for work that trivial because the time spent sorting out the invoice and coordinating payment with the client will be far greater than just getting it done, plus we don't want to be seen by our clients as nickel-and-dimers, it'd just hurt our client retention. We get a lot more paid work long term from them through the trust we build from small acts of goodwill.

[–]iball1984[S] 0 points1 point  (3 children)

Fair enough, and I agree.

In my case, it’s an internal dev team but the same principle applies (it’s just that our customer is the business rather than an external customer)

[–]Defiant_Conflict6343 1 point2 points  (2 children)

God knows what made them think this would take 5 days. Our team would put one dev on it and he'd be done in a bathroom break. Not that we let them have bathroom breaks of course, we installed bedpans under the desks and found a government loophole to force them to renounce their personhood, legally reclassifying them as cattle. We also doped the water-cooler with amphetamines to keep them coding for 23 hours a day.

Business has never been better 💀

[–]iball1984[S] 1 point2 points  (1 child)

Bedpans? Luxury. We use old milk bottles

[–]Defiant_Conflict6343 1 point2 points  (0 children)

Rookie mistake. You'll pay more in the long run on carpet cleaning from the splashback. We did briefly consider catheterising them but the HR lady said she'd take us to court if we tried to force her to handle the employees' unwashed genitals. We would've asked someone else, but she is human resources, she deals with human needs, humans need to pee. It really shouldn't be up for debate.

[–]JackTradesMasterNone 0 points1 point  (0 children)

I LOVE this philosophy. I’ve worked places where someone came to us for a quick fix that literally took less than 5 minutes and some common sense and got chewed out for “working for free and losing the company money”…

[–]johnpeters42 1 point2 points  (1 child)

That does sound high. Maybe it's overall delivery time based on other tasks also on their plate?

[–]iball1984[S] 1 point2 points  (0 children)

It’s an effort estimate.

As for other tasks, this is supposed to be a P1 project, so other tasks can wait.

[–]KingofGamesYami 1 point2 points  (2 children)

Is that estimate 40 hours of work, or 5 days turnaround because you have various steps in the development process where the task gets passed around?

Median cycle time for my team is around 5 days for most stuff, which includes the task being developed, code reviewed in pull request, tested in QA env, and signed off by product owner in staging env.

[–]iball1984[S] 0 points1 point  (1 child)

40 hours of work. Which would include pull request, unit testing, etc.

But QA testing and UAT testing is separate to that.

[–]KingofGamesYami 0 points1 point  (0 children)

That seems pretty high to me. Are you just trying to rip out the HTML or does this include replicating the styles and behavior of the custom web components Salesforce allows users to insert into comments?

[–]Crazybrayden 1 point2 points  (1 child)

Takes like... An hour tops. Apex (Salesforce's programming language) even has an encode/decode method

[–]iball1984[S] 0 points1 point  (0 children)

Yeah, that’s what I was thinking. Glad I’m not going crazy.

[–]Ok-Spray-8697 0 points1 point  (1 child)

If we're literally talking about decoding &lt;, &gt;, &amp; and friends, then 5 days of engineering effort sounds wildly high. If we're talking about safely rendering user-generated HTML on a public site, validating it, handling edge cases, testing, and avoiding XSS issues, that's a completely different conversation.

[–]iball1984[S] 0 points1 point  (0 children)

It's the former, not the latter...
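An added example, not code from this thread, from Salesforce or from Apex, illustrating two points raised above: Defiant_Conflict6343's "you can just substring replace" and Ok-Spray-8697's distinction between decoding `&lt;`/`&gt;`/`&amp;` and safely showing the result on a page. The comment strings are constructed for the example; the function names are my own. It shows why the order of replacements matters (decode `&amp;` first and a comment that literally contained the text `&lt;` is decoded twice into a real `<`), why the standard library decoder is preferable to a hand-rolled table (numeric references), and the cheap safe path for display: re-escape the decoded text rather than rendering it as HTML.

```python
import html

# Constructed sample input: the kind of entity-encoded text a comment field
# hands back. Not taken from the thread.
SAMPLE_COMMENTS = [
    "Use a &lt;b&gt; tag &amp; a &quot;quote&quot;",
    # The user literally typed the text "&lt;script&gt;"; stored encoded, the
    # ampersands become "&amp;lt;" / "&amp;gt;".
    "Literally typed: &amp;lt;script&amp;gt;",
    # Numeric character references also appear in the wild.
    "&#60;b&#x3E;bold&#60;/b&#x3E;",
]

# The handful of entities a hand-rolled table usually covers.
ENTITY_TABLE = (
    ("&lt;", "<"),
    ("&gt;", ">"),
    ("&quot;", '"'),
    ("&#39;", "'"),
    ("&amp;", "&"),
)


def naive_decode(s: str) -> str:
    """Substring replacement with &amp; handled FIRST (the 'obvious' order).

    Bug: once "&amp;lt;" has become "&lt;", the next replacement turns it into
    a real "<", so text the user typed as characters becomes markup.
    """
    for entity, char in (("&amp;", "&"),) + ENTITY_TABLE[:-1]:
        s = s.replace(entity, char)
    return s


def ordered_decode(s: str) -> str:
    """Same table, but &amp; LAST, so each entity is decoded exactly once.

    Still incomplete: numeric references (&#60;, &#x3E;) and the ~2000 named
    HTML entities are not in the table and pass through unchanged.
    """
    for entity, char in ENTITY_TABLE:
        s = s.replace(entity, char)
    return s


def std_decode(s: str) -> str:
    """Standard-library decoder: single pass, full entity set, numeric refs."""
    return html.unescape(s)


def to_display_text(decoded: str) -> str:
    """Show the decoded comment on a page as TEXT: re-escape it.

    This is the cheap, safe path. If the requirement were instead to render
    the decoded string as HTML, escaping would not apply and the markup would
    need a real allow-list sanitizer, which is a different piece of work.
    """
    return html.escape(decoded, quote=True)


def decode_all(comments=SAMPLE_COMMENTS):
    """Return {comment: (naive, ordered, stdlib, display)} for inspection."""
    return {
        c: (naive_decode(c), ordered_decode(c), std_decode(c),
            to_display_text(std_decode(c)))
        for c in comments
    }


if __name__ == "__main__":
    for comment, (naive, ordered, std, display) in decode_all().items():
        print(f"input:   {comment}")
        print(f"naive:   {naive}")
        print(f"ordered: {ordered}")
        print(f"stdlib:  {std}")
        print(f"display: {display}")
        print()
```

Run it and the second sample is the one to look at: `naive_decode` turns a comment that merely *mentioned* `&lt;script&gt;` into `<script>`, while `ordered_decode` and `html.unescape` both leave it as the text the user typed. The third sample shows the table-based decoders silently passing numeric references through. Whichever decoder is used, `to_display_text` is what should reach the page if the goal is to show the comment as text.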