Prohibit HTML tags in form submission
tdiehl


Joined: 06 Apr 2004
Posts: 34
I have a Guestbook on my site and recently spammers have been using this to spam their web links. The form consists of two fields: a Name field and a textarea for entering a message. I thought about doing an image verification system and was going to create it myself, but wow that might take a while... so currently I am simply blocking the entry of the form info into the database via IP, which I obtained on the previous spammer. Clearly this isn't going to stop them all (diff spammers, dhcp, etc.)

So, anyone know of a script or easier method to handle this? Like prohibiting html tags on form submission or even on the output page prohibiting html tags in the message (although this might still allow the text)

thanks!
CAPTCHA might help
cariosgroup


Joined: 09 Feb 2005
Posts: 1
If adding an extra step for a human is OK, here is code that requires a user to enter in text before they can post....

http://www.emerle.net/programming/display.cfm/t/cfx_captcha
Re: CAPTCHA might help
tdiehl


Joined: 06 Apr 2004
Posts: 34
cariosgroup wrote:
If adding an extra step for a human is OK, here is code that requires a user to enter in text before they can post....

http://www.emerle.net/programming/display.cfm/t/cfx_captcha


thanks for this info, I might try that..
Re: Prohibit HTML tags in form submission
tl99


Joined: 23 Jun 2006
Posts: 1
tdiehl wrote:
I have a Guestbook on my site and recently spammers have been using this to spam their web links. The form consists of two fields: a Name field and a textarea for entering a message. I thought about doing an image verification system and was going to create it myself, but wow that might take a while... so currently I am simply blocking the entry of the form info into the database via IP, which I obtained on the previous spammer. Clearly this isn't going to stop them all (diff spammers, dhcp, etc.)

So, anyone know of a script or easier method to handle this? Like prohibiting html tags on form submission or even on the output page prohibiting html tags in the message (although this might still allow the text)

thanks!


Not sure if you still need this.. But use of the HTMLEditFormat() Function should strip it of html tags.
sc


Joined: 07 Jul 2006
Posts: 2
I had noticed that the spammers were coming straight to the page to sign & leaving, so this code at the top of the "sign" page works for me so far.

<cfif cgi.http_referer DOES NOT CONTAIN CGI.SERVER_NAME>
<cflocation url="http://go-elsewhere.com" addtoken="no">
<cfabort>
</cfif>

Also, in the part of the page that processes the form, and before posting, I check to see if things like '<', '>', 'http', and so on are defined.
If so, I have an Alert pop-up saying that html references are not allowed.
CF - prevent submission of comments containing html code
John


Joined: 11 Jul 2004
Posts: 3
Location: Arkansas
Apparently there is a guestbook spambot that has located my comments page. I recently deleted over 5K entries from viagra, porn, etc. spammers. They entered their name, email, and subject with what appears to be valid data and then they enter their URL in the comment field. I assume this is some type of automated script and I am hoping someone can give some guidance on preventing this, perhaps some type of validation that rejects all entries with html?
Jason101
Forum Regular

Joined: 14 Mar 2006
Posts: 548
Location: Harrisburg, PA
You can use regular expressions and match every html tag:

Code:
<[^>]*>


Assuming your content is stored in Form.Comments


Code:

<cfset NewContent = REReplaceNoCase(Form.Comments,"<[^>]*>","","All")>


This *SHOULD* match any HTML tag and remove them accordingly by replacing them with nothing.

I'm not an expert on regular expressions, so maybe someone else has a better way via RegExp
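
Added example, not part of any post in this thread: a server-side version of the checks discussed above (reject markup and links before saving, escape on output), written for the top of the form-processing page. The field name Form.Name, the patterns and the error messages are assumptions made for illustration; Form.Comments is the field name used above.

```cfml
<!--- Added example, not code from the thread. Form.Name and the messages
      below are assumed/constructed; Form.Comments is the name used above. --->
<cfparam name="Form.Name" default="">
<cfparam name="Form.Comments" default="">

<cfset errors = ArrayNew(1)>
<cfset entryName = Trim(Form.Name)>
<cfset entryText = Trim(Form.Comments)>

<!--- Validate on the server: a bot that posts straight to this page never
      runs client-side JavaScript, so an alert pop-up alone will not stop it. --->
<cfif Len(entryName) EQ 0 OR Len(entryText) EQ 0>
    <cfset ArrayAppend(errors, "Name and message are required.")>
</cfif>

<!--- Look for any angle bracket instead of the pattern <[^>]*>, which only
      matches tags that are closed, so an unterminated "<a href=..." passes it. --->
<cfif REFind("[<>]", entryName & " " & entryText) GT 0>
    <cfset ArrayAppend(errors, "HTML is not allowed.")>
</cfif>

<!--- Links, with or without a scheme, and BBCode-style link markup. --->
<cfif REFindNoCase("(https?://|www\.|\[url)", entryName & " " & entryText) GT 0>
    <cfset ArrayAppend(errors, "Links are not allowed.")>
</cfif>

<cfif ArrayLen(errors) GT 0>
    <cfoutput>
    <ul>
    <cfloop from="1" to="#ArrayLen(errors)#" index="i">
        <li>#HTMLEditFormat(errors[i])#</li>
    </cfloop>
    </ul>
    </cfoutput>
    <cfabort>
</cfif>

<!--- Wherever the entry is displayed, escape it at output time.
      HTMLEditFormat() converts <, >, & and " to character entities, so any
      markup that reached the database is shown as text and not rendered. --->
<cfoutput>
<p><strong>#HTMLEditFormat(entryName)#</strong>: #HTMLEditFormat(entryText)#</p>
</cfoutput>
```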