Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I have a form on a website I wish to validate. It is a simple enough Bootstrap 3 marked up form. Please see the image below.
As you can see it's nothing too fancy...
In terms of validation what is the right way to write concise code that serves the designated purpose? For instance if I were to have 20 fields, is it appropriate or considered okay to have isset used on every posted variable?
Typically best practice is to have both client-side and server-side validation, so I think the best answer is both.
This is important because, if you just have client-side (JS) validation anyone can go into DevTools and change your form around to avoid the validation rules. This is especially try for spam bots which look for these types of exploits.
Having server side validation in conjunction with your client side solution can ensure quality data being passed into your database.
Hope this helps.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I'm trying to hack a riddle like game on a website where we enter the correct answer and proceed to next level. In the source I've found the form is defined as <form id="submission-form" class="row" action="#" name="subForm">
and the following script
$('form').on('submit', function(e){e.preventDefault();submitAnswer();});
I tried to find the definition of submitAnswer() function but couldn't find any in all the scripts. And When I submit the form my browser makes a post request to the php file which is mentioned in the page url also.
So my questions are
Is the submitAnswer a php function and if not is there any way to find its definition?
Can I view the php script that the form is posting to anyhow.
This one is lame , Is there any way I can extract the correct answer from the server(by sql injection or some tool) ?
submitAnswer() is a Javascript function and is there somewhere, if you look hard enough.
No.
Probably not, depending on the proficiency of the programmer who setup the PHP code.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I would like to verify that a string is valid HTML, like the W3C Service does. I specifically don't want any browser corrections (like closing open tags), which precludes options that create DOM elements and read the HTML from them. It will run very frequently, so I really need to run it locally. Libraries are OK, jQuery is OK.
Edit #1: I'm asking about HTML validation, not form or input validation.
Edit #2: What I need is basically a Javascript implementation of the Nu HTML Checker.
Provided you're running node.js or python on the server side you can use a library like html5-lint by Mozilla to do all the heavy lifting for you. And for the java world there is a similar library jtidy and there are countless of similar libraries out there.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a question.
Spam bots can't/don't use JavaScript. If I create form which works only with JavaScript enabled, is it enough to block spam bots?
I am talking about forms, that load fields via jQuery-ajax. These fields are required to send the form. Is it enough or am I only dreaming and should use some methods like non-visible input forms?
Your reasoning that spam bots don't, can't use JavaScript is incorrect. Most spam bots won't execute JS, but there are a lot than actually can and will execute JS.
There are a few possible techniques that you could employ:
Require users to log in. Always works, but it might not be what you want
Captchas: the most effective (provided you use good captcha's), but unfortunately also the most annoying from the user's point of view
Honeypot: Include one field with a regular name (and make it hidden with CSS for example). When you receive the form values on the server, if the field is not empty, it's a spam request and you deny it. A normal user wouldn't fill it in, so when it's filled in, it's probably a spam bot just filling in everything.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I want to get the dates booked and price from the the airbnb page: https://www.airbnb.com.sg/rooms/2781352 under the "Calendar" tab of it.
I am quite newbie to this, and I want to python to do that, can I?
And what else should learn, javascript, PHP?
For extracting data from web pages, my first stop is Beautifulsoup. It is designed for just this purpose, and is excellent at it. Combine it with the great requests HTTP library (so much better and easier than urllib/urllib2/etc.) for getting the pages.
Both of these are Python modules, there is no need to learn any other programming languages to do it, although it greatly helps to have an understanding of HTML and DTDs (Document Type Definitions) for setting up paths.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am new to Web world. I am working in a project , which required encryption of HTML. I am doing encryption using following sites.
http://www.smartgb.com/free_encrypthtml.php
http://www.onlinehtmlencryption.com/
The project is build in dotnetnuke. The encryption is performed in JavaScript.
Can any body tell me its Advantages or Disadvantages ? so that i will be in better potion to decide.
Disadvantage: there's absolutely no point to it. The browser requires the raw HTML in order to be able to render the page. That means everything to decrypt the HTML must be given to it in the same turn. That makes this encryption pointless, as anyone can decrypt the HTML just the same as the browser must. You're not hiding anything from anyone, because you can't.
In fact, anyone can simply use the browser's DOM inspector (typically: right click > Inspect Element) to poke around the decrypted and rendered "HTML".
Advantage: Piss off yourself when working with your own site, if you're a masochist?