I know this question has been somewhat answered already in that using client-side scripting does not send emails, but please bear with me. I would like to have a 'send email' form on my website. The thing is that the website will be used by a handful of people who do have an email client installed. So I DO want to use their installed client, but I don't want the client to pop up. Is it possible to have the client do the work and send the email in the background, or must it popup every time?
If it is not possible, can anyone direct me to which server-side scripting language would be the most efficient at emailing a form? And if there are any relevant online tutorials on the matter?
Thanks for your time
Related
I'm trying to create a personal website that has a contact form -- message box, for example -- but whenever I click submit or send, it opens up my Outlook e-mail, collects all the data I wrote down and then I have to click send again in Outlook to finally deliver that e-mail to someone. I'm new to webDev, so I'm just wondering if it's possible.
mailto: URLs are very unreliable and (when they work) always interact with the mail client on the user's machine.
Any solution involving submitting a form to a web server and sending email using server-side programming won't.
Use a server-side solution. Third-party hosted options exist if you don't want to do any server-side programming yourself.
The way to do this is to use a form to send data to your server. Your server then connects to an SMTP server to send the email.
If web pages could send emails on behalf of people without interaction, this would be used for spam.
It is not possible to directly send email from the web browser, whether it is CSS, HTML, nor Javascript.
I'm assuming that you'd like a contact page which would allow anyone visiting to fill in a small form which notifies you by email when they submit it?
unfortunately, this isn't possible using only css, html or javascript - which are the tools available to you in the web browser.
If you're willing to go a little deeper, then this is entirely possible given a server-side application. It's common to do this kind of thing in PHP, but any server-side language would be able to do this. You would need to do some set-up if you wanted to do it yourself, things like setting up a mail server to send outgoing mail. These things can be tricky. I'm sure that there are also many hosted options available, but I'm afraid I don't know of any.
I'm in the process of migrating one of the applications from old system in separate/new system. My Single Page App is built in JQuery/HTML5/CSS/AJAX on the front end and ColdFusion on the back end. Before I start developing my new framework and login page I was hoping for some helpful hints on security and best practice for this purpose. I saw blog post by Raymond Camden where he explained how Login page can be done in JQuery/AJAX and ColdFusion.
Link: https://www.raymondcamden.com/2009/03/24/Simple-example-of-a-Form-post-to-ColdFusion-with-jQuery-Login/][1]
He explained the process but I'm wondering about next few things. My main Login page should I use .html file or .cfm file for login page? Also is there any security risk by doing login process through Ajax from submission? I don't have experience in creating Login system and any help would be appreciated. If anyone can provide some useful blogs or code examples that will help in this process please let me know.
I would love to write this as a comment but the question requires a long answer and can be approached many different ways. Please take this with a grain of salt.
Generally, what I have found is the best practices when dealing with any user input especially when the input is being captured in a specific database is the following things:
Client Side Validation (can be done with JavaScript or HTML5 required attribute, if done correctly can increase security on login form and prevent cross site scripting attacks)
Server Side Validation (can be done with ColdFusion)
Using prepared statements (this is extremely important) against whatever database you decide to use. This can be done with ColdFusions <cfquery></cfquery> tag and make sure to add param for one of the attributes. Documentation is here:
https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-p-q/cfqueryparam.html
As for the file, it's subjective because you can have your client side validation on let's say your login page and if they pass client validation, it'll get redirected to a .cfm file that'll perform a server validation. Or you can just have both client side and serverside validation on a single file in which case the file would need to be .cfm
As for your question about the ajax form submission. Yes their are security risks which plays a big role in how you would write your server side validation
When you're performing checks against your database. The most important thing is making sure you sanitize your query inputs whether it be authenticating a user, adding, updating or deleting from the database.
Why not use the API manager to do this for you? (it comes free with CF2016 enterprise)
Otherwise lookup the OWASP functions and form security sections of the docs.
So, I have a site where I'd like users to send a document (preferably) a pdf file or word doc on button click to a specific email address.
I read that mailto is not a good way to do it because of all the potential spam thats possible from spambots. Disassembling and reassembling the email address doesn't seem that hard to crack either. I don't understand how encoding works so I'd be grateful if someone explains that.
What I would like is: when the user clicks the send button, it opens up an email client with the address of the recipient and of course the mail client would have the ability to send attachments. Whats a good way spam protected way to do this?
The mailto protocol does not include attachments. And it would be a huge security issue as well. Some Outlook-related examples can be found on the internet, but in the case it has been working in the past, it is not possible nowadays and at least not platform independent in every case.
You can't send files with mailto. What you should do instead, which would also protect you from spam bots, is upload the file to your server and send the mail with the attached file from there.
Indeed it is an awesome day to everyone but not for me because I've been handling this battle cry for more than 13 days now and cant get it done. I have searched across the web but cant find the solution that can get my butt out of this mess. And yes stackoverflow is always my last resort when things get worse.
Can anyone suggest what is the best way(or even alternative) in sending email using js or jquery ?. Perhaps a simple snippet would do. Thanks!
You cannot send an email within the client browser. If your website is running on your own webserver, you can send a request from within the browser to your server that sends an email. If you're running a node.js server, there are many email apis.
For example, my business is a Mailjet customer, and so I can use the node-mailjet api on my server-side. Also there's https://nodemailer.com/ and similar npm packages.
Sending email only using javascript on client-side is not possible. By that you would give full control to user what and where he sends email - cool spam solution..
I wouldn't recommend to expose service from server that send email to client-side from server-side with full settings of message that will be sent. You don't want to allow spamming.
Only good approach is to predefine email on server and then when triggering action occurs resolve dynamic values in email on server and send email from server. Still you have to ensure user cant spam with some security policy.
So how to get out of this ? Implement service on server that will send emails for you (called with AJAX), lets say by code name and parameters. On server-side, choose template by code-name and resolve it by parameters passed with server request. Implement you security policy so you can be sure user cant spam (for example when user can choose to which email address will be message sent). Then pass it all to SMTP.
I want to add a contact page on my webpage. However, I'm apparently not allowed to execute a script on my site since it's hosted on a protected school server.
Is there a work-around where I could send an email on the client side? (maybe some ajax trick?)
All I've found so far is a way to use javascript to open the default mail client and prefill all the data. However, I don't really like that. I'd really like a way to send an email directly from my site. I was even thinking that I could create a java applet to create my email page if that's possible.
There is no way to send an E-Mail from the client without the user's consent.
It would be a horrendous security problem if it were possible.
You could make use of a remote form mailing service like FormToEmail, though.