Web Cluster Information for www.virginia.edu
Operating System: UNIX
Building your Site
The Web Communications Office must be consulted prior to beginning any new site project or making significant changes to an existing site on www.virginia.edu. Plans for using server-side scripting, databases, and "off-the-shelf" blog or CMS products (Wordpress, Joomla, etc.) will be reviewed for security and compatibility with the server environment.
Each page within a site should have a unique and appropriate <title> tag. The preferred format for the title tag for the home page is the division, department or unit name comma U.Va. Then for a secondary page the name of the secondary page comma the home page title. So for example the title on the Faculty Senate home page is "Faculty Senate, U.Va." and on their second level Contact/Location the title is "Contact/Location, Faculty Senate, U.Va."
Documents should not be posted in proprietary, editable formats, such as MS Word, MS Powerpoint, MS Excel, etc. unless the file must remain editable to the end-user. Documents should be converted to HTML, web-optimized PDF, or Flashpaper.
The site is required to display uniformly and correctly in the following popular browsers. Browsercam is one of several useful resources for browser-testing on a variety of platforms.
- PC: Internet Explorer 5.0, 5.5, 6.0, 7.0+; Firefox 1.5, 2.0, 3.0+, Safari 3.1+; Opera 8.5, 9.5+; Netscape 4.7, 7.2, 9.0+; Mozilla 1.6, 1.7+; Chrome 0.2+
- Mac: Firefox 1.0, 1.5, 2.0+; Safari 1.3, 2.0, 3.1+; Internet Explorer 5.2; Netscape 7.2, 9.0; Mozilla 1.6, 1.7+; Camino 1.5+; Opera 8.5, 9.5+
- Linux: Firefox 1.5, 2.0, 3.0+; Opera 9.5+
The site does not have to look perfect or retain all functionality, but it is expected to be "usable" (display all relevant navigation and content), and not cause any errors in the following browsers:
- PC: Internet Explorer < 5.5; Netscape < 7.2.
- Mac: Internet Explorer; Netscape < 7.2; Safari < 1.3.
- Linux: Konquerer/Epiphany (recent build); Firefox < 1.5; Lynx.
URLs should not include spaces, capital letters or any additional special characters.
When building the site you should do your own message handling, catch the errors and post alternate content.
The preferred HTML document type is XHTML 1.0 Transitional. Strict document types, such as XHTML 1.0 and XHTML 1.1 Strict, are required to contain valid markup. We suggest that all code and markup be checked for syntax errors. Special characters should be entity-encoded.
When creating ATOM/RSS and XML feeds and documents, it is important to validate these formats using a tool such as feed validator or RUWF to ensure they are well-formed. HTML content in these files should be escaped using CDATA notation.
Information about securing your web directories with password protection and/or Netbadge is available at the following sites:
Server-side applications (PHP, Perl, etc.) are required to be hardened against HTTP attacks from SQL Injection, remote file inclusion exploits, cross-site scripting (XSS), and other common penetration techniques.
If vulnerabilities are discovered in server-side scripting, blog/CMS software, or other application code, access to the application will be blocked immediately. Additionally, the sponsoring office or department may be responsible for costs associated with repairing the application and performing a security assessment.
In order to prevent your site from being indexed by Google and other search engines, you may add a robots.txt file to the root directory or add META exclusion instructions. See Google's page for Webmasters for more details.
Vendors must provide all available source files for the design and programming of each site upon completion of the project. These may include Photoshop (PSD), Fireworks (PNG), Flash (FLA), Dreamweaver templates (DWT), Fonts, Source Photography, and uncompiled source code. Vendors failing to provide full source materials may be assessed a penalty.