Web Application Development Standards
Web applications developed for the California Department of Education (CDE) must adhere to specific standards pertaining to security, consistency, functionality, and look and feel.
The following Web Application Development Standards are divided into two sections, “All Web Applications,” which apply to ALL Web applications, and “CDE Web Applications Only,” which apply only to those applications that are considered to be part of the CDE’s own Web sites. Usually, CDE Web applications have the look and feel that is the same as the CDE Web site.
Visit the CDE Web Standards to determine if these standards apply to a specific Web product and to determine which other Web standards might apply.
All Web Applications
Applications must meet the following general standards:
- Must be easy and intuitive to use for the target audience.
- Must function in a logical manner for the target audience.
- Must use styles that are consistent throughout the application and within the associated Web site, including:
  - The use of capitalization (e.g., title case vs. sentence case).
  - The use of punctuation (e.g., use of colons on labels).
  - Error messages must appear in a consistent location and style.
  - The use of Web document notations (e.g., PDF, DOC, etc.).
  - Layout/spacing (e.g., the space between a field label and input control).
  - Descriptive metadata titles.
- Must adhere to industry best practices.
- Form controls that are not available must be hidden.
Development Technology, Programming Language, and Web Server Software
Web applications require the use of the following (or higher) technologies:
- Microsoft ASP.Net 4.5
- Microsoft Visual Studio 2012 development environment
- Microsoft Visual Basic 2012 server-side programming language
- Microsoft IIS 7.0 Web server software
Minimum Browser Standards
Web applications must function and display properly in the browser versions that are listed on the Minimum Web Browser Requirements page, and all subsequent browser releases up through the current public release version.
Web applications and sites must be thoroughly tested in all required browser versions.
Web applications and sites must be thoroughly tested in screen resolutions of 800 x 600 and 1024 x 768. Applications and sites must not require horizontal scrolling when viewed with 1024 x 768 resolution.
Tables for Layout
Tables used for the purpose of positioning content on a Web page are not allowed. The only exception is the use of layout tables for .NET radio button and checkbox control lists. Refer to the Design Standards for the CDE Internet and Intranet Web sites or the External Web Page and Application Design Standards for more information.
Every Web page in the application must have one or more links or control buttons that allow a user to navigate back and forth within the application without having to use the back button or other browser navigation functionality.
Validation of Form Input Fields
Form fields must be validated to ensure required fields are completed, numeric fields have numeric data, and data input is properly formatted (e.g., e-mail address).
Exception Handling in Server-side Code
Code exceptions must be handled in a user-friendly manner by displaying a custom error page that does not display information such as database object names or source code. ASP.Net applications must use <customErrors mode="RemoteOnly"> in the web.config file so detailed errors are not displayed to the user.
The HTML Label Tag
The HTML Label tag must be used to associate a text description to a form field.
HTML Code Validation
Input Textbox Display Width
Textbox input controls in a Web form must have properties set for display width and maximum input characters.
AJAX elements can be included as long as there is an equivalent non-AJAX alternative that produces the same results or provides the same functionality.
System/application names should describe the purpose of the system. They should not include reference to previous systems or terms related to the development of the system. For example, do not use terms in system titles, such as:
- Redesign, or
Items Specific to the Required CDE Development Environment (i.e., ASP.Net, Visual Basic, SQL Server)
Post Compiled DLLs Only
ASP.Net code-behind files (e.g., .aspx.vb) must not be posted to a production Web server. Instead, the code-behind files must be compiled into DLL files using Visual Studio's Publish feature.
Microsoft SQL Server 2008 is required if a database is used. Additionally, the following requirements apply to all database-backed Web applications.
- Use Microsoft SQL Server database objects (stored procedures, views, functions, etc.) when the application accesses the database to prevent any potential application security vulnerabilities.
- The application SQL Server login must be granted the minimum rights to execute or select the necessary database objects to communicate with the database (i.e., execute on a specific stored procedure).
- The application SQL Server login cannot have direct access (read, insert, update, etc.) to database tables.
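The three database requirements above, shown together as a T-SQL sketch. This is an added example, not CDE code; the table, procedure, role, and user names (dbo.Applicant, dbo.usp_GetApplicantByEmail, WebAppRole, WebAppUser) are hypothetical, and WebAppUser stands in for the database user mapped to the application's SQL Server login.

```sql
-- Constructed example; every object name below is hypothetical.
CREATE TABLE dbo.Applicant (
    ApplicantId INT IDENTITY(1,1) PRIMARY KEY,
    Email       NVARCHAR(254) NOT NULL,
    FullName    NVARCHAR(200) NOT NULL
);
GO

-- All data access goes through a parameterized procedure. @Email is bound
-- as data, so input is never concatenated into the SQL text.
CREATE PROCEDURE dbo.usp_GetApplicantByEmail
    @Email NVARCHAR(254)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT ApplicantId, Email, FullName
    FROM dbo.Applicant
    WHERE Email = @Email;
END;
GO

-- Role holding only what the application needs: EXECUTE on one procedure.
-- Nothing is granted on dbo.Applicant itself.
CREATE ROLE WebAppRole;
GRANT EXECUTE ON OBJECT::dbo.usp_GetApplicantByEmail TO WebAppRole;

-- Stand-in for the database user mapped to the application's SQL Server login.
CREATE USER WebAppUser WITHOUT LOGIN;
EXEC sp_addrolemember 'WebAppRole', 'WebAppUser';
GO

-- Audit the effective permissions while impersonating the application user.
EXECUTE AS USER = 'WebAppUser';
SELECT
    HAS_PERMS_BY_NAME('dbo.usp_GetApplicantByEmail', 'OBJECT', 'EXECUTE') AS CanExecProc,
    HAS_PERMS_BY_NAME('dbo.Applicant', 'OBJECT', 'SELECT') AS CanSelectTable,
    HAS_PERMS_BY_NAME('dbo.Applicant', 'OBJECT', 'INSERT') AS CanInsertTable,
    HAS_PERMS_BY_NAME('dbo.Applicant', 'OBJECT', 'UPDATE') AS CanUpdateTable;

-- The procedure can still read the table: both objects are owned by dbo, so
-- ownership chaining skips the table permission check inside the procedure.
EXEC dbo.usp_GetApplicantByEmail @Email = N'applicant@example.org';
REVERT;
```

A login that meets the standard reports the EXECUTE permission on the procedure and none of the table permissions; any table permission that shows up in this audit is a direct-access grant to remove.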
CDE Web Applications Only
Source files for Web applications may contain mixed-case filenames. However, when linking or redirecting to files, specify lowercase filenames to ensure compliance with the filename section of the Web Design Standards.
System-wide CSS and Header/Footer Include Files
System-wide CSS, header/footer include, and image files must be used for Web applications hosted on CDE Web servers. See the Layout and Formatting Section of the CDE Web Design Standards for more information.
Last Modified Date
Use of the term “Last Modified” is not allowed in CDE Web applications because this term is reserved for exclusive use on the main CDE Internet Web site. Also, the term does not clearly indicate WHAT was modified. However, dates can be relevant if the Web page displays date-sensitive information, or where the report date may be valuable to users. Examples of appropriate dates on Web application pages include:
- Report run on November 18, 2008
- Data updated on November 18, 2008
Compiling the Web Application to be Updatable
When compiling an ASP.NET Web application in Microsoft Visual Studio, the application must be compiled as updatable. To accomplish this, when publishing the Web application, select the checkbox entitled "Allow this precompiled site to be updatable." This approach ensures that the application code will continue to reference the system-wide include, CSS, and image files on the hosting server.