如何阻止漫游器使用.submit()绕过我的“必填”字段?
[英]How do I stop bots from using .submit() to bypass my 'required' fields?
问题描述
I have a form which is producing a lot of spam. 
我有一个产生大量垃圾邮件的表格。 I have made all inputs required and have attached a captcha. 我已经输入了所有必需的内容,并附带了一个验证码。 This has not had any affect. 这没有任何影响。
I assume the bots are using form.submit() as for some reason this bypasses all my required fields AND also bypasses my onsubmit="check(e)" 我认为漫游器正在使用form.submit() ,因为某些原因,它绕过了我所有的必填字段,也绕过了我的onsubmit="check(e)"
I cannot seem to grab this event .submit() by any means. 我似乎无法以任何方式抓住此事件.submit() 。 Does anyone know how to catch this event and make sure it is cancelled. 有谁知道如何捕捉此事件并确保将其取消。 I want the only way to submit the form is through clicking the submit button. 我希望提交表单的唯一方法是单击“提交”按钮。
$("#myForm").submit(function(event) {
console.log("Handler for .submit() called.");
if (CaptchaInput.value == "") {
event.preventDefault();
}
});
My code that was supposed to catch a .submit() call and prevent the form submission. 我的代码本应捕获.submit()调用并阻止表单提交。 This function is never triggered. 永远不会触发此功能。
<form target="hidden_iframe"
onsubmit="if (CaptchaInput.value == '') { why += '- Please Enter CAPTCHA Code.\n'; alert(why); return false; };return checkform(this)" id="myForm">
2 个解决方案
解决方案1
2 2019-09-08 09:06:33
You cannot. 你不能。 I can submit your form without a browser, or with JavaScript disabled. 我可以在没有浏览器或禁用JavaScript的情况下提交您的表单。 Anyone can just send an HTTP POST request to your server, without going through any client-side process you may introduce. 任何人都可以将HTTP POST请求发送到您的服务器,而无需经历您可能会介绍的任何客户端流程。
The solution to your problem is to also verify on the server , and don't rely on the client side validation to have completed successfully (or indeed, even to have been run at all). 解决问题的方法是也在 服务器上进行验证,而不依赖于客户端验证来成功完成(或者甚至根本不运行)。
Treat client-side validation as a convenience to your users, they see the error immediately without having to retype and resubmit the entire form. 将客户端验证视为方便您的用户,他们可以立即看到错误,而不必重新输入并重新提交整个表单。
解决方案2
-1 2019-09-05 08:36:32
You can define the onsubmit attribute of the form, to run a function that validates your input. 您可以定义表单的onsubmit属性,以运行验证输入的函数。 The browser will submit the form only if that function returns true. 仅当该函数返回true时,浏览器才会提交表单。
UPDATE: You can define the action only after the form has been validated. 更新:您只能在验证表单之后定义操作。
So, your html will look something like this: 因此,您的html如下所示:
<form id="myForm" onsubmit="return checkRecaptcha()" action="disabled">
<input type="text" name="myTextInput" value="">
<input type="submit" value="Submit">
</form>
And your javascript code, that defines the function will look like this: 定义该函数的JavaScript代码如下所示:
function checkRecaptcha() {
if (CaptchaInput.value == "") {
document.getElementById("myForm").action="myCorrectUrl";
return true;
} else {
alert("not allowed");
return false;
}
}
Then for catching the submit function: 然后为了捕获提交功能:
document.getElementById("myForm").submit = function () {
console.log("catched");
return false;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.