Websites/The Open Standard/zurb tech specs

From MozillaWiki

Search

Our two options for implementing search are:

  1. The default search that comes with WordPress. (Decision made to use this one.)
  2. Google Custom Search https://www.google.com/cse/

Newsletter Sign-Up

The newsletter can either be a full page or a module. Examples of each are:

  1. Full Page https://www.mozilla.org/en-US/newsletter/
  2. Module: https://www.mozilla.org/en-US/firefox/new/

The following fields will need to be included:

  1. Email Address
  2. Location Dropdown
  3. Language Dropdown (English only at launch; other languages added when available)
  4. Format (HTML/TEXT)
  5. Privacy Checkbox


Social Sharing

The default social sharing plugins provided by Facebook, Twitter, etc. leak user data on load. We generally load these only after a user has clicked something to signal their intent to share. Any sharing plugin that uses the standard buttons provided by Twitter/Facebook/Google etc. won't meet our privacy requirements.

An example implementation is below:

https://github.com/mozilla/SocialShare

An example of this implemented on the mozilla blog can be seen here:

https://blog.mozilla.org/blog/2014/08/29/firefox-os-smartphones-available-in-india-this-week/

Our sharing implementations do not include email; they are currently limited to:

  • Facebook
  • Twitter
  • Google+

Querying Shares Per URL

We should be able to query the number of shares a URL has on demand and without leaking user data. The following are example API calls that return the number of shares for a specific URL.

Note: we should check whether there are any API limits or other funky restrictions. If so, we should cache these counts at a reasonable interval.

Facebook

https://api.facebook.com/method/links.getStats?urls=http://www.mozilla.org&format=json

Twitter

http://urls.api.twitter.com/1/urls/count.json?url=www.mozilla.org

G+
Google does not appear to allow access to the raw share count, and AFAIK there is no public API for this method. A possible workaround is to call the following URL and extract the number.

https://plusone.google.com/_/+1/fastbutton?url=http://www.mozilla.org

This is tricky because the number returned could be a string (1.6k) and will need to be normalized.

Alternatively, https://www.sharedcount.com/faq.php was recommended; however, it currently lists G+ as inconsistent, so there is likely little value to be gained by using this service. If G+ is required, we should probably just use the native hack mentioned above.
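The caching note and the "1.6k" normalization problem above can be handled together on the server, so that visitors' browsers never contact the social networks. The following is an added example, not code from this spec or from mozilla/SocialShare; the class and function names, the 15-minute interval and the sample values are assumptions.

```javascript
// Added example: names, TTL and sample values are assumptions, not from the spec.
const MULTIPLIERS = { k: 1e3, m: 1e6, b: 1e9 };

// Turn a displayed count such as "1.6k", "1,234" or 42 into an integer.
// Returns null for anything that does not look like a count.
function normalizeCount(raw) {
  if (typeof raw === 'number') {
    return Number.isFinite(raw) && raw >= 0 ? Math.round(raw) : null;
  }
  if (typeof raw !== 'string') return null;
  const m = /^(\d+(?:\.\d+)?)([kmb])?\+?$/i.exec(raw.trim().replace(/,/g, ''));
  if (!m) return null;
  const scale = m[2] ? MULTIPLIERS[m[2].toLowerCase()] : 1;
  return Math.round(parseFloat(m[1]) * scale);
}

// Server-side cache: visitors are served stored numbers, so their browsers
// never contact the social networks, and each API is hit at most once per TTL.
class ShareCountCache {
  constructor(ttlMs) {
    this.ttlMs = ttlMs;
    this.entries = new Map(); // "network|url" -> { count, fetchedAt }
  }
  // Returns { count, stale }; stale === true means the caller should refetch.
  lookup(network, url, now = Date.now()) {
    const e = this.entries.get(`${network}|${url}`);
    if (!e) return { count: null, stale: true };
    return { count: e.count, stale: now - e.fetchedAt >= this.ttlMs };
  }
  // Store a freshly fetched raw value. An unparseable response (error page,
  // changed markup) is rejected and the last good count is kept.
  store(network, url, raw, now = Date.now()) {
    const count = normalizeCount(raw);
    if (count === null) return false;
    this.entries.set(`${network}|${url}`, { count, fetchedAt: now });
    return true;
  }
}

// Constructed sample run with a 15-minute TTL (an assumed interval).
function demo() {
  const cache = new ShareCountCache(15 * 60 * 1000);
  const page = 'http://www.mozilla.org';
  cache.store('gplus', page, '1.6k', 0);
  cache.store('gplus', page, '<html>error</html>', 1000); // rejected
  return cache.lookup('gplus', page, 2000);
}
console.log(demo());
```

Counts recovered from abbreviated strings such as "1.6k" are approximations and should be displayed as such.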

Commenting

There are 2 options for commenting:

  1. Default WordPress Commenting + Akismet (Decision made to use this one.)
  2. 3rd Party Plugin Such As Disqus.

There are no issues using the default commenting that comes with WordPress. If a 3rd party plugin such as Disqus is required, it will need a legal / privacy review. An additional concern with a 3rd party system is that aggregated data (such as most commented on) may be either difficult or impossible for the WP code to access.

Additional Information

General Guidelines Regarding WP Plugins

If the plugin does not handle Personally Identifying Information (PII), our web security team will perform automated scans against the development/staging/production environments as requested. These reviews are generally non-blocking and look for XSS and other common problems.

If the plugin DOES handle PII, the completion of a security and privacy review is a prerequisite for the plugin's use in production. Due to the time needed for these reviews, we should not include these plugins in the October launch.


Dev Best Practices For WP

  • Browser Support: Pages should be readable and degrade gracefully in IE6/7/8, but don't need to look perfect.
  • General Coding Guidelines & Style http://mozweb.readthedocs.org/en/latest/coding.html
  • Theme should be built in such a way that it doesn't *require* any plugins, and can still render content without breaking if a plugin is missing or disabled.
  • The same goes for anything that assumes a particular page, tag or category exists: it should be built in a way that doesn't throw an error if it doesn't.