Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have a question.
Spam bots can't/don't use JavaScript. If I create form which works only with JavaScript enabled, is it enough to block spam bots?
I am talking about forms, that load fields via jQuery-ajax. These fields are required to send the form. Is it enough or am I only dreaming and should use some methods like non-visible input forms?
Your reasoning that spam bots don't, can't use JavaScript is incorrect. Most spam bots won't execute JS, but there are a lot than actually can and will execute JS.
There are a few possible techniques that you could employ:
Require users to log in. Always works, but it might not be what you want
Captchas: the most effective (provided you use good captcha's), but unfortunately also the most annoying from the user's point of view
Honeypot: Include one field with a regular name (and make it hidden with CSS for example). When you receive the form values on the server, if the field is not empty, it's a spam request and you deny it. A normal user wouldn't fill it in, so when it's filled in, it's probably a spam bot just filling in everything.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I have a form on a website I wish to validate. It is a simple enough Bootstrap 3 marked up form. Please see the image below.
As you can see it's nothing too fancy...
In terms of validation what is the right way to write concise code that serves the designated purpose? For instance if I were to have 20 fields, is it appropriate or considered okay to have isset used on every posted variable?
Typically best practice is to have both client-side and server-side validation, so I think the best answer is both.
This is important because, if you just have client-side (JS) validation anyone can go into DevTools and change your form around to avoid the validation rules. This is especially try for spam bots which look for these types of exploits.
Having server side validation in conjunction with your client side solution can ensure quality data being passed into your database.
Hope this helps.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 years ago.
Improve this question
I wish to get the contents of a web page that requires me to be logged in (and one that I do not have control over: e.g. Twitter or Facebook), for example I can have Chrome running and I can see Ajax updating the page updating, but I want to periodically get the contents of this page and somehow save it. I don't mind leaving a computer running to achieve this...
You can use any http software to achieve this (like curl). Depending on the site it will take some investigation of how requests are made, in what order, the post data, the encryption, the user agent, cookies, headers, etc. etc.
It could take some time to find the right recipe.
Generally these sites don't want you to do this though, so don't be surprised when you run up against captcha or other clever methods from preventing exactly what you're trying to do.
Chances are, if you have to ask, you won't get in. But have fun.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I'm trying to make it easy for people to fill out this form http://parkplanning.nps.gov/commentForm.cfm?documentID=55416 by opening it in a new window and having some of the fields pre-populated. I don't own that form, so I can't change it - and it must be opened in the user's browser as I'm sure they check IP addresses for the submission.
I'm not sure how the best way to do this would be. I'm guessing javascript? Any suggestions/pointers?
Seems like I need to perform cross-site scripting. Is that doable via frames or something?
If you're just having the page open in a new tab or frame, then you can't do anything. As you said, you don't own the form, and can't change it. They probably don't check IP addresses for the submission, but it's not ethical to spoof, and it's extremely unethical to do any cross-site scripting.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I am making an open-source addon for firefox and chrome called and I am wondering if there is a way to control an email service like yahoo using javascript?
You can control the look of the page and probably (although I cannot be sure) send and edit messages without having to use the on-page buttons, but you cannot do server-side stuff such as logging into an account from a page without a log-in on it or sending a message from a page other than the email sending page. If you have any specific questions about controlling one specific thing, please add them in the comments, and I may answer them.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 1 year ago.
Improve this question
How can I sniff the Print Screen key so that when it is pressed, a number of events happen on a web page:
There will be a dialog box that will pop up so that the user will only have to input the email address of the recipient.
The image on the clipboard is automatically attached to the composed mail.
If it helps, I'm using PHP 5.3.5, Javascript and Swift mailer.
This is completely impossible.
You might be able to get access using a signed Java applet. I do that to read some network properties for a web-based Wake-On-Lan service, but I've never tried to access the system clipboard. I suspect that there's probably a better way to do what you're trying but you don't give any information on the actual application to make a suggestion.
You can not access clipboard and other system-specific facilities with javascript, due to security. Let alone sniff the keyboard.