Mauritius National ID Card website, the code quality

May 19, 2014

As it happens, thanks to the support of L’Express, it seems more & more citizens are now drawing attention to the flaws in the Government websites. Yes, I did mention website with an “s”. Nevertheless, let’s keep the attention on MNIC. In the previous article, Mauritius National ID Card website – Your privacy compromised, I highlighted the security flaw the webmaster(s) left when creating the feedback/complaint form using Google Docs.

However, I did also check the page sources to have a look at the code quality. It was a horror. You find JavaScript in places you shouldn’t. You find HTML tags closing without ever having been opened; I call them the ghost tags.

[Image: wtfperminute]

Screenshot from www.mnic.mu

For example, if you view the source of the home page, you should find this piece of JavaScript:

It looks harmless. Hmm, have a closer look at the following lines:

var url="http://www.mnic.mu/files/newsletter/capture.php";
url=url+"?txtemail="+email+"&lang=1";
xmlhttp.onreadystatechange=stateChanged;
xmlhttp.open("GET",url,true);
xmlhttp.send(null);

It leads directly to the database of those who subscribed to the MNIC newsletter. Looking at their overall code quality so far, I wonder how secure capture.php would be.

Now, let’s look at some HTML ghost tags. Still on the home page, view the source. Look out for the <head></head> tags. How many? (^^,)
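A small checker for the two markup defects described above, closing tags with no opener and a repeated <head>. This is an added example, not code from the MNIC site; the function name lintMarkup and the sample page are constructed for illustration.

```javascript
// Added example (not the site's code): flags closing tags with no opener
// ("ghost tags") and elements that may appear only once but are repeated.
const VOID = new Set(["area", "base", "br", "col", "embed", "hr", "img",
  "input", "link", "meta", "source", "track", "wbr"]); // never take a closing tag
const SINGLETON = new Set(["html", "head", "body", "title"]);

function lintMarkup(html) {
  // Drop comments and script/style bodies so "<" inside code is not read as a tag.
  const cleaned = html
    .replace(/<!--[\s\S]*?-->/g, "")
    .replace(/<(script|style)\b([^>]*)>[\s\S]*?<\/\1\s*>/gi, "<$1$2></$1>");
  const stack = [];          // elements currently open, innermost last
  const opened = new Map();  // element name -> number of opening tags seen
  const report = { ghostClosers: [], duplicates: {} };
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*?(\/?)>/g;
  let m;
  while ((m = tagRe.exec(cleaned)) !== null) {
    const closing = m[1] === "/";
    const name = m[2].toLowerCase();
    const selfClosed = m[3] === "/";
    if (!closing) {
      opened.set(name, (opened.get(name) || 0) + 1);
      if (!VOID.has(name) && !selfClosed) stack.push(name);
      continue;
    }
    const idx = stack.lastIndexOf(name);
    if (idx === -1) {
      report.ghostClosers.push(name); // closing tag that was never opened
    } else {
      stack.length = idx;             // close it and anything left open inside it
    }
  }
  for (const name of SINGLETON) {
    const count = opened.get(name) || 0;
    if (count > 1) report.duplicates[name] = count;
  }
  return report;
}

// Constructed sample page: two <head> blocks, a stray </div> and </td>,
// and a "</b>" inside a script string that must not be counted as a tag.
const SAMPLE = `<!DOCTYPE html><html><head><title>a</title></head>
<head><script>var s = "</b>";</script></head>
<body><div><img src="x.png"></div></div></td></body></html>`;

console.log(lintMarkup(SAMPLE));
```

The regex-based scan is a quick lint for page source, not a full HTML parser: an attribute value containing ">" will confuse it.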

As of now, I guess the website is a good project for students who wish to learn about website flaws & vulnerabilities.


Before anything goes viral again, I need to clarify that no “hacking” is involved here. Viewing a webpage source was never an act of cyber-attack. For the curious minds, the following definitions portray the term hacker in a better manner:

[Image: hacker-defined]

Source: Wikipedia

Update 1

While going through the comments on the L’Express article I noticed a reader’s comment about the marquee element. I used that argument on the social networks as well but maybe it should find its place here. What’s a marquee? Go to the MNIC homepage; do you notice the Latest News bar where the text annoyingly scrolls from right to left? That’s called a marquee.

[Image: mnic-marquee]

Screenshot from www.mnic.mu

Hover your mouse over it, does it stop/pause? Nah. The “good” web developers know of this & rant about it often. The marquee element is a non-standard element as per the World Wide Web Consortium. Read about it here and Wikipedia could help too.

As per Wikipedia the marquee was introduced in Microsoft’s Internet Explorer. Other browsers like Firefox, Opera, Chrome and Safari support it just to maintain compatibility with legacy webpages.

This is something the developers of the MNIC website should have known, or should we simply call it some bad code? In case you’re thinking of the news tickers on websites like BBC or CNN, those are rather JavaScript scrollers which are much more intuitive to mouse actions.


Should you be wondering what’s that stuff with code quality, you might have a quick read: The only valid measurement of code quality : WTFs/minute

WTF/min image: http://arialdomartini.files.wordpress.com/2013/05/wtfperminute.png

Disclaimer

I should clarify that my article revolves only around the MNIC website. I do not speak of the whole MNIS (Mauritius National Identity Scheme) Project. I do not know about the MNIS infrastructure, its technicalities, its governance, its hosting environment, so I can't say anything about how secure or unsecure those are.