Web Voting Scripts
We give a sequence of examples of scripts for voting on the Internet.
The point is to teach you how to write these by gradually adding parts
to a primitive version that evolves to a more effective one.
Read the Source Code associated with each
example. The same ideas are used in many other scripts.
These examples presume you have
some experience writing HTML pages.
For all of these, the Voting Form remains unchanged. I hope these
examples will be clear to a novice. One can certainly shorten them,
but brevity was not my main goal. In reading these scripts, note that
everything following a # in the line is a "comment" and is ignored by
the program.
- Simplest version
[ source code ]
- Just acknowledge the vote -- and don't even record it in a tally.
For amusement the ballot has a standard tiny piece of JavaScript that
inserts a marquee in the "status line" at the very bottom of the browser
window. [This is not included in subsequent versions of the ballot.]
- Reject if incomplete
[ source code ]
- Reject if missing either the first or last name, or no vote is
cast. Still don't record the vote in a tally.
The status line in the previous example is replaced by a marquee
with the same text. [This is not included in subsequent versions of
the ballot.]
With only a little more work, this form could also list the
missing items.
- Using Subroutines
[ source code ]
- As a program becomes longer, it becomes easier to understand if it
is broken into subroutines, each of which contains one part of the
program.
- Reject if already voted
[ source code ]
- Before accepting the vote, check if the person has already voted.
To make a secret ballot one must be careful to keep the record
of who voted separate from how they voted. Since this form
now saves data when someone votes, this is the first version of the
ballot that could not have been done with Java or JavaScript.
This still does not record the vote in a tally.
Another important piece is missing: the script does not make a
list of those who are allowed to vote -- and then reject voters not on
the list. Since I don't want to restrict this example to reject
users, I'll skip this (fundamental) step. Thus, you
can vote many times under different aliases, even pretending you are
someone else. This enables you to test these scripts more
easily but is completely insecure. A more appropriate version would
have a list of allowed users with passwords. Implementing this is not
complicated.
- Record the vote
[ source code ]
- The script finally records the vote.
- Return rejected form
- This is identical to the above but if there is an error, return
their old form with the errors indicated.
For variety I made my own button to request the source code.
- Security filter on data
[ source code ]
- The primary source of security problems with running computer
programs on the Internet is that people insert unexpected data that
makes your program carry out malicious tasks you never intended.
This problem can be almost completely avoided by filtering incoming data
and accepting only the characters that should appear.
In this case, since the only input is first and last name, we accept
only a-z,A-Z, and the punctuation: . , - _ ' and a blank space. With a
little more care we could also accept the accented letters that arise in
many European languages. For other applications one might also accept
0-9 $ % & ( ) ? ! @ # *.
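
The allow-list described above, as an added example in Python (it is not one of this page's own scripts). The field names `first` and `last`, the 64-character limit and the `allow_accents` option are assumptions made for the illustration; input is rejected, not silently cleaned, so the voter can be told what to fix.

```python
import unicodedata

# Punctuation allowed by the text: . , - _ ' and a blank space.
PUNCT = set(".,-_' ")
MAX_LEN = 64  # assumption: the page states no length limit


def rejected_chars(value, allow_accents=False):
    """Return the sorted characters of value that fall outside the allow-list."""
    bad = set()
    for ch in value:
        if ch in PUNCT or "a" <= ch <= "z" or "A" <= ch <= "Z":
            continue
        # Optional extension mentioned in the text: accented Latin letters.
        if allow_accents and ch.isalpha() and \
                unicodedata.name(ch, "").startswith("LATIN"):
            continue
        bad.add(ch)  # newlines, digits, shell and HTML metacharacters, ...
    return sorted(bad)


def check_name(value, allow_accents=False):
    """Validate one name field; returns (ok, reason)."""
    # Compose "e" + combining accent into one letter before checking.
    value = unicodedata.normalize("NFC", value)
    if not value.strip():
        return False, "missing"
    if len(value) > MAX_LEN:
        return False, "too long"
    bad = rejected_chars(value, allow_accents)
    if bad:
        return False, "illegal characters: " + " ".join(repr(c) for c in bad)
    return True, "ok"


def check_ballot(form):
    """form maps field name -> submitted string; returns {field: reason}."""
    errors = {}
    for field in ("first", "last"):  # hypothetical field names
        ok, reason = check_name(form.get(field, ""))
        if not ok:
            errors[field] = reason
    return errors
```

Checking every character against the list also rejects a trailing newline, which a pattern anchored with `$` would let through.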