toggle quoted messageShow quoted text
I've gone ahead and changed the wording for the password. I've also fixed the issue with HTML in the invite message (I decided to keep it plain text, and I'm just escaping tags now). You can now specify a name when inviting someone. And I fixed the problem with sending invitations again.
On Sun, Oct 12, 2014 at 1:15 PM, Shal Farley <shal@...>
>> 2) The Invite Message box looks like a plain text entry box.
> Hmm. I'm a little surprised that the HTML wasn't escaped in the message
> itself. Anyways, the text box should be HTML and you should be able to
> enter HTML in the invite message. I've put it on the TODO list.
As long as there's some constraint in what the devious or criminally minded can do with the HTML. The iframe and script tags once bedeviled Yahoo Groups home pages (and Messages archives) until Y!Groups implemented a whitelist of "safe" tags. But that was in simpler times, I don't know what they do now.
> Yeah, I'm not sure. I don't ask to verify email addresses either. A
> friend of mine who is in user interface thinks I'm crazy for not asking
> for verification. But I hate having to type everything in twice. What do
> you think?
Having done it a few times on your site now I'm kind of with you on that. And I've always chuckled to myself as I paste a freshly generated password into both boxes on conventional sign-up forms - that doesn't really confirm anything so the purpose was lost.
On the other hand, my initial reaction tells me that your friend has a point. A Confirmation entry box is a familiar clue to the user that this is a place to register a new password. Right now the invite landing page says:
"Enter A Password For Your Groups.io Account".
The use of "A" instead of "The" is a pretty subtle clue.. Perhaps it could say:
"Choose a new password to create your Groups.io account"
That's even more explicit than a Confirmation box. I'm being a little subtle too: I refer to "new password" here (and in join) to reinforce the idea that the user shouldn't re-use a password they're using elsewhere.
The other reason to have a Confirmation box is that the small bother now may avoid a larger inconvenience (or other cost) associated with correcting it later if you get it wrong. But I think your password reset mechanism (having now been through it too) is facile enough to eliminate this concern.