Web applications developed for the California Department of Education (CDE) must adhere to specific standards pertaining to security, consistency, functionality, and look and feel.
The following Web Application Development Standards are divided into two sections, “All Web Applications,” which apply to ALL Web applications, and “CDE Web Applications Only,” which apply only to those applications that are considered to be part of the CDE’s own Web sites. Usually, CDE Web applications have the look and feel that is the same as the CDE Web site.
Visit the CDE Web Standards to determine if these standards apply to a specific Web product and to determine which other Web standards might apply.
All Web Applications
General Standards
Applications must meet the following general standards:
- Must be easy and intuitive to use for the target audience.
- Must function in a logical manner for the target audience.
- Must use styles that are consistent throughout the application and within the associated Web site, including:
- The use of capitalization (e.g., title case vs. sentence case).
- The use of punctuation (e.g., use of colons on labels).
- Error messages must appear in a consistent location and style.
- The use of Web document notations (e.g., PDF, DOC, etc.).
- Layout/spacing (e.g., the space between a field label and input control).
- Descriptive metadata titles.
- Must adhere to industry best practices.
- Form controls that are not available must be hidden.
Development Technology, Programming Language, and Web Server Software
Web applications require the use of the following (or higher) technologies:
- Microsoft ASP.Net 3.5 (LINQ functionality may be allowed with prior approval from CDE)
- Microsoft Visual Studio 2008 development environment
- Microsoft Visual Basic 2008 server-side programming language
- Microsoft IIS 6.0 Web server software
Minimum Browser Standards
Web applications must function and display properly in the browser versions that are listed on the Minimum Web Browser Requirements page, and all subsequent browser releases up through the current public release version.
Application Testing
Web applications and sites must be thoroughly tested in all required browser versions.
Web applications and sites must be thoroughly tested in screen resolutions of 800 x 600 and 1024 x 768. Applications and sites must not require horizontal scrolling when viewed with 1024 x 768 resolution.
Tables for Layout
Tables used for the purpose of positioning content on a Web page are not allowed. The only exception is the use of layout tables for .NET radio button and checkbox control lists. Refer to the Design Standards for the CDE Internet and Intranet Web sites or the External Web Page and Application Design Standards for more information.
Navigation
Every Web page in the application must have one or more links or control buttons that allow a user to navigate back and forth within the application without having to use the back button or other browser navigation functionality.
Validation of Form Input Fields
Form fields must be validated to ensure required fields are completed, numeric fields have numeric data, and data input is properly formatted (e.g., e-mail address).
Exception Handling in Server-side Code
Code exceptions must be handled in a user-friendly manner by displaying a custom error page that does not display information such as database object names or source code. ASP.Net applications must use <customErrors mode=”RemoteOnly”> in the web.config file so detailed errors are not displayed to the user.
Input Buttons
Use standard input/submit buttons instead of image buttons. For example, do not use the IMG tag with surrounding A HREF and JavaScript for an input button, such as:
<a href="javascript:document.form_name.submit();"><img src="image_name.extension"></a>
The HTML Label Tag
The HTML Label tag must be used to associate a text description to a form field.
HTML Code Validation
The HTML code in all Web applications must be valid via a reputable validation technique, such as W3C
or by using the HTML Validator Firefox add-on
.
Input Textbox Display Width
Textbox input controls in a Web form must have properties set for display width and maximum input characters.
Javascript Usage
The use of Javascript is allowed for client-side data validation and manipulation as long as the script is invoked as a result of a user action (i.e., button selection, dropdown selection, movement to another form field, etc.). The use of AJAX technology is prohibited for accessibility reasons.
Items Specific to the Required CDE Development Environment (i.e., ASP.Net, Visual Basic, SQL Server)
Post Compiled DLLs Only
ASP.Net code-behind files (e.g., .aspx.vb) must not be posted to a production Web server. Instead the code-behind files must be compiled into DLL files using Visual Studio's Publish feature.
Database Standards
Microsoft SQL Server 2005, or higher, is required if a database is used. Additionally, the following requirements apply to all database-backed Web applications.
- Use Microsoft SQL Server database objects (stored procedures, views, functions, etc.) when the application accesses the database to prevent any potential application security vulnerabilities.
- The application SQL Server login must be granted the minimum rights to execute or select the necessary database objects to communicate with the database (i.e., execute on a specific stored procedure.)
- The application SQL Server login cannot have direct access (read, insert, update, etc.) to database tables.
CDE Web Applications Only
Mixed-case Filenames
Source files for Web applications may contain mixed-case filenames. However, when linking or redirecting to files, specify lowercase filenames to ensure compliance with the filename section of the Web Design Standards.
System-wide CSS and Header/Footer Include Files
System-wide CSS, header/footer include, and image files must be used for Web applications hosted on CDE Web servers. See the Layout and Formatting Section of the CDE Web Design Standards for more information.
Last Modified Date
Use of the term “Last Modified” is not allowed in CDE Web applications because this term is reserved for exclusive use on the main CDE Internet Web site. Also, the term does not clearly indicate WHAT was modified. However, dates can be relevant if the Web page displays date-sensitive information, or where the report date may be valuable to users. Examples of appropriate dates on Web application pages include:
- Report run on November 18, 2008
- Data updated on November 18, 2008
Compiling the Web Application to be Updatable
When compiling an ASP.NET Web application in Microsoft Visual Studio, the application must be compiled as updatable. To accomplish this, when publishing the Web application, select the checkbox entitled "Allow this precompiled site to be updatable." This approach ensures that the application code will continue to reference the system-wide include, css, and image files on the hosting server.