|
Further enhancements
There were many ideas and functionality suggestions made
by both the focus group and myself. Due to the limited time
available to develop the software not all of the ideas could
be implemented. Instead, the focus group prioritised the suggestions
made and they were developed in order of priority until there
was no more development time available. The priority list
is available below.
- HTML escaping
- Threaded article view
- Threaded article navigation
- Individual user preferences
- Import & export newsrc
- Multiple style sheet support
- Postscript or PDF output of articles
- RDF/RSS (XML) feeds
- Interface templating
“HTML escaping” was forced to be priority number
1 as it was a security considering and as such should be implemented
if development time permitted.
Implemented
The following suggestions were implemented within the time
allocated for system development.
HTML escaping: As previously mentioned, HTML escaping
is a vital security consideration as without it a dynamic
Web page may be vulnerable to Cross Site Scripting attacks.
XSS attacks occur when a user provides malicious data to a
Web page which the Web page’s processing script fails
to check for validity and outputs the data verbatim. While
thorough checking of any data provided by the usercan help
lower the chances of this occurring it also helps if all user
provided data, such as the text for an article body, is HTML
escaped prior to usage.
Threaded article view: By threading the list of
articles available a user can easily identify the articles
which are part of the same thread or discussion. This makes
the job of filtering through the available articles considerably
easier for the user as there is no need to search for replies
to particular articles that the user is interested in or to
locate parent articles within the thread.
CONTINUED ON NEXT PAGE.............
|