Code Acceptance Checklist
- Coding Naming Convention
- SharePoint Poor Performing vs Better Performing
- SharePoint
- SharePoint Security
Note: Please mark "Y" for implementing, "N" for not implementing standards and "-" for the section that is not applicable.
Coding Naming Convention
[ ] |
Define Class, Enumeration type, Enumeration values, Event, Exception class, Read-only static field, Interface, Method, Namespace and Property in Pascal case. (For example: AppDomain). |
[ ] |
Define parameter in Camel case. (For example: clientList). |
[ ] |
Use recommended capitalization conventions. |
[ ] |
Define public and protected variables in Pascal case. |
[ ] |
Define private variables in Camel case. |
[ ] |
Do not specify the type of variable to the name of variable as it will be misleading. |
SharePoint Poor Performing vs Better Performing
# |
Poor Performing Ways |
Better Performing Alternatives |
[ ] |
SPList.Items.Add |
SPList.AddItem |
[ ] |
SPList.Items.Count |
SPList.ItemCount |
[ ] |
SPList.Items.XmlDataSchema |
Create an SPQuery object to retrieve only the items you want. |
[ ] |
SPList.Items.NumberOfFields |
Create an SPQuery object (specifying the ViewFields) to retrieve only the items you want. |
[ ] |
SPList.Items[System.Guid] |
SPList.GetItemByUniqueId(System.Guid) |
[ ] |
SPList.Items[System.Int32] |
SPList.GetItemById(System.Int32) |
[ ] |
SPList.Items.GetItemById(System.Int32) |
SPList.GetItemById(System.Int32) |
[ ] |
SPList.Items.ReorderItems(System.Boolean[], System.Int32[],System.Int32) |
Do a paged query using SPQuery and reorder the items within each page. |
[ ] |
SPList.Items.ListItemCollectionPosition |
ContentIterator.ProcessListItems(SPList, ContentIterator.ItemProcessor, ContentIterator.ItemProcessorErrorCallout) (Microsoft SharePoint Server 2010 only) |
[ ] |
SPFolder.Files.Count |
SPFolder.ItemCount. |
[ ] |
SPFolder.Files.GetEnumerator() |
ContentIterator.ProcessFilesInFolder(SPFolder, System.Boolean, ContentIterator.FileProcessor, ContentIterator.FileProcessorErrorCallout) (SharePoint Server 2010 only). |
[ ] |
SPFolder.Files[System.String] |
ContentIterator.GetFileInFolder(SPFolder, System.String) Alternatively, SPFolder.ParentWeb.GetFile(SPUrlUtility.CombineUrl(SPFolder.Url, System.String) (SharePoint Server 2010 only). |
[ ] |
SPFolder.Files[System.Int32] |
Do not use. Switch to ContentIterator.ProcessFilesInFolder and count items during iteration. (SharePoint Server 2010 only). |
[ ] |
Response.Redirect |
Microsoft.SharePoint.Utilities.SPUtility.Redirect. |
SharePoint
[ ] |
Dispose SPSite, SPWeb, Database Connection,File Stream Objects or use Using block. Don't dispose object from SPContext, Dispose object before Response.Redirect. |
[ ] |
Reduce Long term object retention by minimizing global/public variable, minimize keeping heavy objects in memory if they are not required, keep methods short. |
[ ] |
Always use SPQuery with Row Limit and ViewFields. |
[ ] |
Try to pick objects with ID, GUID or URL as key for obects like SPList, SPGroup, SPSiteGroup, SPUser, SPRoles, SPFields, SPFolders, SPFiles, |
[ ] |
Never Allow Contributor Users to Add Script to the Site. For checking SPBasePermissions.AddAndCustomizePages |
[ ] |
Your application does not try to directly access any SharePoint databases. Data stores in SharePoint databases are only updated using the SharePoint object model. |
[ ] |
When referencing the SPWeb or SPSite objects, you employ a using statement or, alternatively, you use an explicit call of the Dispose method to ensure proper use and disposing of the memory objects. |
[ ] |
You use caching as appropriate to reduce unnecessary round trips. For Web parts, you expose the cache expiration (duration) as a Web part property. |
[ ] |
When packaging your solution, you include a Code Access Security policy for the solution and if necessary, include your assembly in the Safe Controls list though the solution. |
[ ] |
If you need to update multiple list items using remote code, you use the Web service to update list items. You only use SPListItem.Update() if you have to update more than one item at a time by using local OM-based code. |
[ ] |
When using the Count property of a SPListItemCollection, you only call it once and then store it in a variable that you can refer to when looping. You do not call it inside a loop. |
SharePoint Security
[ ] |
You avoid using AllowUnsafeUpdates. You use ValidateFormDigest() and if necessary, use elevated privileges to interact with SharePoint objects. In cases where AllowUnsafeUpdates must be used, you ensure that. |
[ ] |
AllowUnsafeUpdates is set to False in your try-catch-finally block, or you use a Dispose() method (as required by the IDisposable interface) to avoid security issues. |
[ ] |
Never allow contributor users to a add script to the site. For checking SPBasePermissions.AddAndCustomizePages. |
[ ] |
Use SPUtility to redirect to a different page to prevent cross-site scripting. |
[ ] |
Elevated objects must remain inside a RunWithElevatedPrivileges block. |
[ ] |
Only use SPSecurity.RunwithElevatedPrivilege to make network calls under the application pool identity. Don't use it for elevation of privilege of SharePoint objects. Instead, use the SPUserToken to impersonate with SPSite. |
[ ] |
Encode output properly using SPHttpUtility methods for Cross-Site Scripting. |