Users’ Privacy

I have been in the game for over 20 years making websites and my philosophy hasn’t changed. My first priority has always been our users. From accessibility to usability to security to privacy, I fight for our users every step of the way.

When I was in charge of the site, I made sure the pages are fast, secured, easy to navigate, and optimized across devices and screen readers. The pages had to work with JavaScript turned off. I am not against using JavaScript. In fact, I encourage using JavaScript through progressive enhancement. My concern has always been the abuse of JavaScript, particularly in the privacy territory.

When I had to work directly with third-party vendors on digital marketing, I needed to know exactly what information they collect from our users and what they do with the data. Furthermore, I would limit their tracking to relevant pages, and not the entire website. I also made sure that they would be responsible for any privacy issues they created. If I didn’t hold them accountable, they would have the ability to use cross-site scripting to hijack our site to do whatever they wanted with our users’ data. I wouldn’t allow that to happen under my watch.

Dark-Pattern Scripting

As I was driving on the road, I received text messages, emails, and phone calls about our site was being hacked. When someone clicked on an email link on any page, they would get a pop-up form instead of their email client. The recipients would get an email from [email protected] instead of the senders’.

My first thought was our site was being hacked with XSS (Cross-Site Scripting). I called my assistant on my phone and walked her through the diagnose. I asked her to look for strange scripts in our templates. Then I asked her to comment out the script tags, which included Google Tag Manager and Pixel Tracking. When she commented out the Pixel Tracking script from a third-party vendor, the pop-up form went away.

The Pixel Tracking script allowed them to hijack our site and inject XSS into our pages with any email links. The JavaScript codes created the pop-up form. The submission from the pop-up form allows them to obtain all of the email messages. This is a serious privacy concern. Email communications should be between the sender and receiver, not the third-party.

I didn’t work with them on this Pixel Tracking script. When I worked with third-party vendors in the past, I made sure that they told me exactly what they were capturing. They would need to check with me first before they implement these types of dark patterns. I would also limit their tracking to a specific set of pages under a directory instead of the entire site.

“Fuck You Pay Me” CMS

I am working with a proprietary CMS that might as well named “Fuck You Pay Me.”

We don’t have that feature in our CMS out of the box, but we can create it for you. “Fuck You Pay Me.” We don’t have that functionality right out of the box, but we can develop it for you. “Fuck You Pay Me.” We don’t support that technology yet, but we can incorporate it for you. “Fuck You Pay Me.”

The code we wrote won’t work with JavaScript turned off, but we can rewrite it. “Fuck You Pay Me.” We never worked with Service Worker API before, but we can implement it. “Fuck You Pay Me.” Our framework doesn’t support multi-column grid layout, but we can add it for you. “Fuck You Pay Me.”

I am not paying for the bill so go ahead and get your money.

Dynamic Content Migration

Can you explain the migration process for the course catalog, course schedule and syllabi, working papers, clinics and externships, class notes, and student organizations?

The current course catalog has over 400 courses. The landing page is automatically populated from individual courses. The JD focus areas and concentrations are also automatically populated based on the filtering options on individual courses. The discontinued courses are also automatically populated from individual courses. As a result, we only need to maintain and update the individual course. Each course has robust form fields such as course attribute, course credits, semester taught, focus areas and concentrations, and prerequisites. If we lose all of the dynamic functionalities, updating these pages will be a nightmare, especially for those who don’t know HTML. We would need to manually update at least three different places.

Before each semester began, we received the course schedules in Excel from our academic admin. We converted the Excel files into CSV files then imported them into MODX. Then MODX would populate the course schedules. We would need similar functionality in Cascade.

The faculty working papers wouldn’t be any good if they are migrated over as static pages. They are tied with the faculty directories and the none-Mason author directory. This morning I checked, we have 1457 papers. Making changes manually would be a nightmare.

If the new CMS is making the updating process much more complicated than we are not doing it right.

Cascade’s Connectors

As the Law School is migrating to Cascade, one of the services they will provide is connecting the current course catalog in MODX to Cascade. I don’t know much about Cascade and its knowledge base isn’t too helpful. It states that, “Connectors allow you to take advantage of third-party web services by creating a connection between these applications and Cascade CMS.” My understanding is that Cascade will connect with MODX for the course catalog. If that’s the case, we can’t get rid of MODX, but we will be using two CMSes simultaneously. Is this what you get for a $200,000 CMS? It’s not my call.

Implementation Technical Specifications for Cascade

Some of the items I put together for the technical teams at Cascade to review.

Multi-column Layouts

A request for multi-column layouts in Cascade to give us the flexibility to create diffent looks and feels.

RSS Feeds

We offer RSS feeds for our news, spotlights, and faculty working papers. Our events are powered by WordPress, which has an RSS feed as well. On our current site, spotlights aren’t part of the news. The difference is internal vs. external. A news item has a headline linking to an external source. Spotlights are articles we write ourselves. A spotlight has a headline, a thumbnail photo, optional feature photos, and a story. Even though spotlights are different, they can be a category in the news module in Cascade.

RSS Feed for Faculty Working Papers

For our faculty working papers, I recommend having an RSS feed as well. It gives readers an additional way to access the papers, which increases exposures and download rankings.

RSS Parser

We need the ability to parse RSS feeds to display content on our site. We use aggregate RSS feeds from outside sources to pull into our site. Some examples included Google News, Center news (from WordPress), and events (from our EMS Calendar). Both MODX and WordPress have plugins that can parse standard XML and Atom formats. They can be customizable to fit our needs. I thought Cascade could do the same.

Random Function

We use random functions in several cases. The most prominent one is for the image heroes on our homepage. For the technical implementation, we would prefer the execution on the server side rather than the client side. We don’t want to jam any more JS into the users’ browsers. If JS fails to load, our site will be inaccessible.

Responsive Images

For our current homepage banners, we provide two versions: desktop and mobile. Can we do the same in Cascade?

Custom CSS & JavaScript

We need to add custom CSS & JavaScript to a particular page or a set of pages under a directory (inheritance). Can we add custom CSS & JS to the header in Cascade?

Custom Meta Tags

Weworked with SEO agencies to improve our search-engine rankings. They requested the ability to add custom meta tags for keywords and descriptions to a particular page or a set of pages under a directory (inheritance). Can we add custom meta tags to the header in Cascade?

Inject Codes to Header and Footer

We worked with marketing agencies who requested the ability to add pixel trackings to a particular page or a set of pages under a directory (inheritance). Can we add codes to the header and footer in Cascade?


I mentioned inheritance in the three items above. In our current CMS, we have the option to add codes to a set of pages inherited from the parent directory. For instance, if we would like to add a pixel tracking to all of the pages under admissions, we could do so on the admission parent directory. This also works with the secondary set of navigations.

Blank Page Without Any Styling

At times, we needed to publish a blank page without any styling and it allows us to add custom styles for that particular page.

Auto-Generated Anchor Links

Let’s take a look at one of our LLM Admissions FAQs page. There are about 32 questions with answers. To help students read through the questions quickly, we use anchor links. Obviously we can do this manually, but it is super tedious. You have to:

  • Know HTML
  • Write the unordered list
  • Write anchor link for each question
  • Write ID for each H tags
  • Make sure anchor links and H tags match up.
  • In MODX, all of these are dynamically generated. MODX populates all the anchor links and injects IDs into the header of each section based on the H tags. H1 would generate an li, H2 would generate a child of li, and so forth.

    Someone without any knowledge of HTML can just copy and paste a Word Document into MODX, and MODX takes care of all of the coding. This functionality comes right out of the box in MODX. Does Cascade have this functionality out of the box or is it capable of doing this?

List Files In a Directory Using PHP

This handy PHP script will print out all the specified files (.jpg and .png):

// open this directory
$myDirectory = opendir(".");

// get each entry
while($entryName = readdir($myDirectory)) {
$dirArray[] = $entryName;

// close directory

// count elements in array
$indexCount = count($dirArray);

// sort 'em

// print 'em

// loop through the array of files and print them all
for($index=0; $index < $indexCount; $index++) {
if ((substr("$dirArray[$index]", -4, 4) == ".jpg") || (substr("$dirArray[$index]", -4, 4) == ".png")){ // only list jpg and png files
print('<img src="'.$dirArray[$index].'">');


Simple Slideshow

I needed a simple slideshow to display images on a large-screen TV and I came across Simple Fullscreen Image Slideshow. It was exactly what I needed and the codes are just so simple. I loved it so much, I replaced all my Flickity slideshows with this one. Here’s an example. Although it works as webpage, my goal is to create a digital display slider. Here’s the entire page:

<!DOCTYPE html>
<html lang="en">
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
@keyframes fadey {
0% { opacity: 0; }
15% { opacity: 1; }
85% { opacity: 1; }
100% { opacity: 0; }
body {
  font-family: Avenir, Arial, sans-serif;
  font-size: 0;
  background: #000;

body, figure {  margin: 0; padding: 0;}

figure#slideshow {
  width: 100%;
  margin: 0 auto;
  position: relative;
  /*border: 1px solid #000;*/
  cursor: pointer;
figure#slideshow img {
  position: absolute;
  left: 0; top: 0;
  width: 100%; height: auto;
  opacity: 0;
figure#slideshow img:first-child { position: relative; }

#container:fullscreen {
  display: flex;
  justify-content: center;
  align-items: center;
  background: #000;
#container:-moz-full-screen figure, #container:-ms-full-screen figure, #container:-webkit-fullscreen figure, #container:fullscreen figure {
  width: 100%;
  margin: 0 auto;
  background: #000;
:-webkit-full-screen {
  width: 100%; height: 100%;
*:-moz-full-screen {
  background: #000;
*:-webkit-full-screen {
  background: #000;

function cancelFullScreen() {
if (document.cancelFullScreen) {
} else if (document.mozCancelFullScreen) {
} else if (document.webkitCancelFullScreen) {
} else if (document.msCancelFullScreen) {
link = document.getElementById("container");
link.setAttribute("onclick", "fullScreen(this)");

function fullScreen(element) {
if (element.requestFullScreen) {
} else if (element.webkitRequestFullScreen) {
} else if (element.mozRequestFullScreen) {
link = document.getElementById("container");
link.setAttribute("onclick", "cancelFullScreen()");

window.onload = function() {
  imgs = document.getElementById('slideshow').children;
  interval = 8000;
  currentPic = 0;
  imgs[currentPic].style.webkitAnimation = 'fadey '+interval+'ms';
  imgs[currentPic].style.animation = 'fadey '+interval+'ms';
  var infiniteLoop = setInterval(function(){
if ( currentPic == imgs.length - 1) { currentPic = 0; } else { currentPic++; }
imgs[currentPic].style.webkitAnimation = 'fadey '+interval+'ms';
imgs[currentPic].style.animation = 'fadey '+interval+'ms';
  }, interval);
<figure id="container" onclick="fullScreen(this)">
<figure id="slideshow">
<img loading="lazy" src="img/01.jpg" alt>
<img loading="lazy" src="img/02.jpg" alt>
<img loading="lazy" src="img/03.jpg" alt>

Hanging Punctuation in CSS

To hang your quotes in CSS, this is all you need:

html {
  hanging-punctuation: first allow-end last;

At the time of this writing, only Safari implemented this property. To make it work in other browsers, negative text-indent is needed. Nevertheless, I went ahead and added hanging-punctuation and removed text-indent for the title of JAY-Z’s song from the Beacon of HOV project. That way, the hanging punctuation would just work in all browsers in the future.

MODX Support Team Rocks!

The MODX Support Team had proved once again to be indisputable in customer service. Their team members assisted us every step of the way to migrate the Scalia Law School’s CDN and WAF from StackPath over to CloudFlare Enterprise. We ran into a few obstacles during the process, but they were patience, responsive, and diligence in making sure that we succeeded in the migration.

If you need a CMS that offers flexibility, durability, and security, MODX is the solution. If you need a rock-solid hosting with top-notch support, MODX Cloud is the way to go. The Scalia Law School Website has been powered by MODX for more than 15 years and hosted by MODX Cloud for more than 3 years.

In the CMS space, MODX beats WordPress, Drupal, Joomla, and Cascade to the pulp. Hats off to Jay, Liz, Garry, Ryan, and Jimmy. You all rock!