Changes to Candidate Biographies Implemented
Categorized as: Product Development
Candidates have long been able to input their own biographies into the system. Election managers have also long been able to input biographies on behalf of candidates. How that is done has now changed. While this could just about go without an announcement given how seamless the changes are from a user experience perspective, it’s worth pointing out that the motivation for the change was to address an issue that would sometimes arise while an election manager was entering a candidate biography into the system. If you were one of the few election managers that bumped into this, read on.
Background
Skypunch uses the Web Application Firewall (WAF) provided by Amazon Web Services (AWS) to protect the system from malicious requests for webpages. What constitutes a “malicious request” is determined by AWS examining the innumerable volume of requests that pass through their systems around the world every day making it a very robust and highly refined WAF. Indeed Skyunch benefits enormously from its use as it blocks many would-be malicious requests at the outermost ring of the system. Skypunch has also in the past used a what-you-see-is-what-you-get (WYSIWYG) style text editor to enable both candidates and election managers to apply styling (bold, italics, ordered lists, etc.) to the text included in a candidate biography as well as in position descriptions. Sometimes the WAF and the text editor would clash because the text editor might, in some cases, apply styling using what are called inline style sheets. The point of this article is not to serve as a tutorial about inline style sheets or the available alternatives, but suffice it to say that inline styling of text is something that can create vulnerabilities that a would-be cyber attacker could exploit. That meant that when the WAF spotted one of these inline style sheets it would block the request.
The Solution
A solution was needed and as fate should have it, a solution had already been implemented on the interface candidates use for inputting their own biographies. All that was needed then, was for election managers to be directed to the same webpage used by candidates. That’s simple enough to do and has now been done, but election managers who may be accustomed to having a pop-up window appear that allows for editing a candidate biography, will now be directed instead to a full webpage where you are effectively impersonating the candidate.
This approach solves the conflict between the WAF and the text editor by simply not using the text editor at all, but instead markdown. Markdown was created for exactly such uses cases as this and already has its own reference page on the Skypunch website. There is also a markdown quick-reference on the biography page itself.
Position Descriptions
Because adding a position description to a position used the same text styling framework as candidate biographies, that too has been modified to direct an election manager to a full webpage where markdown may be used to style text.
Added Benefits
During the course of performing this work, some other benefits were thrown in as a bonus.
- Candidates used to access the biography editor using a username and password. They now do so using a magic link. They receive an email including a link unique to them; click the link; and are auto-authenticated into the system. This provides for a lower friction experience, they need only to be very certain not to share the link as it is unique to them.
- Election managers may now preview position descriptions while editing them. Previewing used to mean that after saving changes to a position description, one would need to visit the ballot to view the position descriptions as they will appear to voters, but that may now be done on the same page as the editing which is a bonus.
