61 things website developers should know
http://stackoverflow.com/questions/72394
Translator: Ruan Yifeng
1. Interface and User Experience
1.1
Know how the various browsers implement web standards, and make sure your site works in the major browsers. At a minimum, test against the following engines: Gecko (Firefox), WebKit (Safari, Chrome, and some mobile browsers), IE (you can use Microsoft's Application Compatibility VPC Images for testing), and Opera. Different operating systems may also affect how browsers render your site.
1.2
Browsers are not the only way websites are used: there are also mobile phones, screen readers, and search engines. Know how your site behaves in each of these cases. MobiForge provides some material on mobile website development.
1.3
Know how to upgrade your website without affecting your users. Generally, you need a version control system (CVS, Subversion, Git, and so on) and a data backup mechanism.
1.4
Do not let users see unfriendly error prompts.
1.5
Do not display users' email addresses directly, or at least do not display them in plain text.
1.6
Set reasonable limits for your website, so that the service stops automatically once a threshold is exceeded. (This is also related to website security.)
1.7
Know how to implement progressive enhancement of web pages.
1.8
After a POST request is sent, always redirect the user to another web page.
1.9
Do not forget the accessibility of your website, that is, how people with disabilities use it. For US websites, this is sometimes a legal requirement. WAI-ARIA has some good references in this regard.
2. Security
2.1
Read the OWASP Development Guide, which provides comprehensive website security guidance.
2.2
Understand SQL injection and its prevention methods.
2.3
Never trust data submitted by the user (cookies are submitted by the client too!).
2.4
Do not store users' passwords in plain text. Store them only after hashing them.
2.5
Do not be too confident about your user authentication system. It may be easily cracked without your being aware of the vulnerability.
2.6
Learn how to handle credit cards.
2.7
Use SSL/HTTPS on the logon page and other pages that process sensitive information.
2.8
Know how to deal with session hijacking.
2.9
Avoid cross-site scripting (XSS).
2.10
Avoid cross-site request forgery (XSRF).
2.11
Patch your system to keep up with the latest version.
2.12
Make sure your database connection information is secured.
2.13
Keep track of the latest attack techniques and the latest security vulnerabilities affecting your platform.
2.14
Read Google's Browser Security Handbook.
2.15
Read The Web Application Hacker's Handbook.
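Item 2.3 in practice, as an added example that is not part of the original list: a cookie comes back from the client, so the server attaches an HMAC tag when it sets the cookie and checks the tag on every request before using the value. The function names, the demo key and the sample cookie values are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo key (assumption); load a random secret from configuration in practice.
SECRET_KEY = b"constructed-demo-key"


def _tag(payload: bytes, key: bytes) -> bytes:
    """Base64url-encoded HMAC-SHA256 tag over the encoded payload."""
    return base64.urlsafe_b64encode(hmac.new(key, payload, hashlib.sha256).digest())


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Server side, when setting the cookie: return 'payload.tag'."""
    payload = base64.urlsafe_b64encode(value.encode("utf-8"))
    return (payload + b"." + _tag(payload, key)).decode("ascii")


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Server side, on every request: return the value, or None if it was altered."""
    try:
        raw = cookie.encode("ascii")
    except UnicodeEncodeError:
        return None
    payload, sep, tag = raw.partition(b".")
    if not sep:
        return None  # no tag at all: not a cookie this server issued
    # Constant-time comparison, so response timing does not reveal how much matched.
    if not hmac.compare_digest(_tag(payload, key), tag):
        return None
    try:
        return base64.urlsafe_b64decode(payload).decode("utf-8")
    except ValueError:
        return None


if __name__ == "__main__":
    issued = sign_cookie("user=alice;role=user")          # constructed sample value
    print(verify_cookie(issued))                          # value round-trips
    edited = sign_cookie("user=alice;role=admin", key=b"not-the-server-key")
    spliced = edited.split(".")[0] + "." + issued.split(".")[1]
    print(verify_cookie(edited), verify_cookie(spliced))  # both rejected
```

The tag only proves the value was not changed; the user can still read it, so keep secrets out of cookies.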
3. Performance
3.1
Use caching whenever possible. Understand and correctly use HTTP caching and HTML5 offline storage.
3.2
Optimize images. Do not use a 20KB image file as a repeating web page background pattern.
3.3
Learn how to use gzip/deflate to compress content (deflate is preferred).
3.4
Combining multiple style sheet files or script files into one file reduces the number of HTTP requests the browser makes and the total size of the files after gzip compression.
3.5
Browse Yahoo's Exceptional Performance website, which provides a large number of excellent suggestions for improving front-end performance, as well as their YSlow tool. Google's Page Speed is another tool for analyzing web page performance. Both require Firebug to be installed.
3.6
If your web page uses a large number of small images (such as a toolbar), you should use CSS image sprites to reduce the number of HTTP requests.
3.7
For a high-traffic website, you should consider spreading web page objects across multiple domain names (split components across domains).
3.8
Static content (such as images, CSS, JavaScript, and other web page content unrelated to cookies) should be placed on a separate domain name that does not use cookies. If a cookie is set for a domain name, the client attaches the cookie content to every HTTP request sent to that domain name. A good approach here is to use a Content Delivery Network (CDN).
3.9
Minimize the number of HTTP requests the browser needs to complete web page rendering.
3.10
Google's Closure Compiler can be used to compress JavaScript files, and YUI Compressor can also be used.
3.11
Make sure that the favicon.ico file is in the root directory of the website, because the browser automatically requests it even if the web page does not reference it. If the file does not exist, a large number of 404 errors will occur, consuming your server's bandwidth.
4. Search Engine Optimization (SEO)
4.1
Use "search engine friendly" URLs, such as example.com/pages/45-article-title rather than example.com/index.php?page=45.
4.2
Do not use hyperlink text such as "Click here", because it wastes an SEO opportunity and works poorly with screen readers.
4.3
Create an XML sitemap file. The default location is /sitemap.xml (in the root directory of the website).
4.4
When you have multiple URLs pointing to the same content, use <link rel="canonical" ... /> in the web page code.
4.5
Use Google's Webmaster Tools and Yahoo's Site Explorer.
4.6
Use Google Analytics (or the open-source traffic analysis tool Piwik) from the very beginning.
4.7
Know the role of robots.txt and how search engine spiders work.
4.8
Redirect requests for www.example.com to example.com (with a 301 Moved Permanently redirect), or the other way round, to prevent Google from treating them as two websites and ranking them separately.
4.9
Know that some web spiders are malicious or badly behaved.
4.10
If your website has non-text content (such as video and audio), you should refer to Google's sitemap extension protocol.
5. Technology
5.1
Understand the HTTP protocol and concepts such as GET, POST, sessions, and cookies, including what stateless means.
5.2
Make sure that your XHTML/HTML and CSS comply with W3C standards and pass validation. This keeps your web pages from triggering the browser's quirks mode and helps them work properly with screen readers and on mobile phones.
5.3
Understand how the browser handles JavaScript scripts.
5.4
Understand how JavaScript files, style sheet files, and other resources on a web page are loaded and run, and how they affect page performance. In some cases, script files may be placed at the end of the web page.
5.5
Understand how JavaScript sandbox works, especially if you plan to use iframe.
5.6
JavaScript may be unavailable or disabled, and Ajax may not always run. Remember that blocking scripts (NoScript) is becoming popular with some users, mobile browsers vary in their support for scripts, and Google does not run most script files when indexing web pages.
5.7
Learn the difference between 301 and 302 redirects (this is also an SEO issue).
5.8
Learn as much as possible about your deployment platform.
5.9
Consider using a reset style sheet.
5.10
Consider using JavaScript frameworks (such as jQuery, MooTools, and Prototype), so that you do not have to consider the differences between browsers.
6. Bug Fixing
6.1
Understand that 20% of the programmer's time is used for coding, and 80% of the time is used for maintenance.
6.2
Establish an effective error reporting mechanism.
6.3
Establish some channels or systems so that users can contact you and give you suggestions and criticism.
6.4
Write documents for future maintenance and customer service personnel to explain how the system runs.
6.5
Back up regularly! (And make sure the backups are valid.) In addition to a backup mechanism, you must also have a recovery mechanism.
6.6
Use a version control system to store your files, such as Subversion or Git.
6.7
Don't forget to do unit testing. Frameworks like Selenium will be useful to you.