The following sections provide guidelines for allowing the user to mark bookmarks. Bookmarking is disabled by default. For more information on specifying bookmarking options, see Allowing users to bookmark your service.
GUIDELINE: Make frequently visited URLs markable.
Bookmarks make navigation much simpler for users. Subject to the security considerations discussed in the following sections, attempt to make all frequently visited URLs markable.
GUIDELINE: Always use the TITLE option for bookmarkable cards.
This makes bookmarking much easier for the user. If you do not specify this option, the default bookmark name is the first line of the card, which usually doesn't provide a meaningful bookmark name.
GUIDELINE: Do not make "private" URLs markable.
When you set the MARKABLE option for an HDML deck to TRUE, it implicitly sets the deck's PUBLIC option to TRUE, removing access control for the deck. Other services can directly link to cards within the deck, creating a potential security risk.
GUIDELINE: Do not allow users to mark URLs that have side effects.
If you make a deck markable, the user can create a bookmark that directly requests a card within the deck. Therefore, make sure that none of the cards in the deck executes a transaction that the user might not want to execute. For example, if a deck contains a card that executes a stock trade (like the second deck shown in Figure 8-8), make sure it is not markable.
FIGURE 8-8. Deck that should not be markable
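An added example (not part of the original guide, and not Figure 8-8): a small Python audit that applies the guidelines above to HDML deck source before deployment. The `private` and `side_effects` flags, the sample decks, and the set of card element names are assumptions of this example.

```python
import re

# Assumed set of HDML card elements for this example.
CARD_TAGS = {"DISPLAY", "CHOICE", "ENTRY", "NODISPLAY"}
TAG_RE = re.compile(r'<\s*([A-Za-z]+)((?:"[^"]*"|[^>"])*)>')
ATTR_RE = re.compile(r'([A-Za-z]+)\s*=\s*(?:"([^"]*)"|([^\s>]+))')


def parse_tags(hdml):
    """Yield (TAG, {ATTR: value}) for each opening tag, names upper-cased."""
    for name, raw in TAG_RE.findall(hdml):
        attrs = {k.upper(): (q or u) for k, q, u in ATTR_RE.findall(raw)}
        yield name.upper(), attrs


def audit_deck(hdml, private=False, side_effects=False):
    """Return guideline findings for one deck.

    private and side_effects are hypothetical inputs from the service
    owner's inventory: markup alone cannot show what a request does.
    """
    tags = list(parse_tags(hdml))
    deck = next((a for t, a in tags if t == "HDML"), {})
    if deck.get("MARKABLE", "FALSE").upper() != "TRUE":
        return []  # bookmarking is disabled by default
    findings = []
    if private:
        findings.append("private deck is MARKABLE, so PUBLIC becomes TRUE")
    if side_effects:
        findings.append("deck with side effects is MARKABLE")
    for tag, attrs in tags:
        if tag in CARD_TAGS and not attrs.get("TITLE"):
            findings.append(f"{tag} card {attrs.get('NAME', '?')} has no TITLE")
    return findings


# Constructed sample decks (not from the original guide).
QUOTE_DECK = '''<HDML VERSION=3.0 MARKABLE=TRUE>
<DISPLAY NAME=quote TITLE="Stock quote">Price: 42</DISPLAY>
<DISPLAY NAME=news>Headlines</DISPLAY>
</HDML>'''
TRADE_DECK = '''<HDML VERSION=3.0 MARKABLE=TRUE>
<DISPLAY NAME=confirm TITLE="Trade placed">Order sent</DISPLAY>
</HDML>'''

if __name__ == "__main__":
    print("quote:", audit_deck(QUOTE_DECK))
    print("trade:", audit_deck(TRADE_DECK, private=True, side_effects=True))
```

A non-empty result for a deck flagged `private` or `side_effects` means MARKABLE should be removed from that deck; a missing-TITLE finding only affects the default bookmark name.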