is there any way to prefill textarea with link of page that user is trying to share but so that he can´t delete it. I am talking about sharing form via email.
The form is obviously done in php.
Edit:
I used the field Edit Summary but I don´t see it anywhere so it may be here twice I can be blind :D
The onlyread function is not what I´ve wanted. User is allowed to write into textarea but the part of the text hasn´t be touchable. As junkfoodjunkie said it seems like the only way to do it. But still posting some advices if you see the whole code may change it.
most inputs can use readonly="readonly" to prevent predefined values from being edited.
<textarea name="verbage" readonly=readonly cols="5" rows="9">
Can't touch this
</textarea>
<input type="text" name='moreverbage" readonly=readonly value="NO EDITING ALLOWED">
If the mail sending is done via PHP, just have that default text be part of the server-side send-mail script, and put it in if the text in the message / textarea doesn't contain the default text. You cannot trust client side solutions, and all of the solutions mentioned above is removed by a simple code-editor (Firebug, for instance), before clicking submit.
Check the content in the mail-sending script, and if the default text isn't there, either replace or add/prepend the text you want.
Related
I have a contact form on a web site; just ordinary html in a php page:
<textarea name="message" id ="message" rows="10" cols="30"> </textarea>
I didn't yet sanitize the input as I figured that it was only going to be sent as an email anyway...
Interestingly, the spammers have found a way of attaching/inserting what appears to be a .PDF doc to the message.
My two questions are:
1. How are they doing this? I can't seem to find a way to insert a document or attach a document to a message in a textarea, so how can they?
2. Will sanitizing the input with strip_tags and htmlspecialchars stop them doing it?
Thanks.
Edit:
Thanks for getting back to me - here is a screen shot of one of the emails; as you say, gmail seems to be picking up the url:
I don't suppose I should click on that link, hey?
Without more detail, I can only guess. <textarea> does not allow attaching a file, only text (string of any characters). It would allow including a URL in the text. If you send this URL-containing text via email, your email reader likely recognizes the URL-string and converts it to a clickable link. So, strictly speaking, the PDF file is not appended to the email, but a link to the PDF is.
If this is the case, sanitizing for HTML tags won't work but sanitizing for URLs will.
I am created a dynamic registration page using HTML, PHP, and Javascript. I am trying to make it so that the form would not be submitted unless it meets the requirements of the form. Some sample requirements are if a field is filled, verified, in email form, or has minimum length. I have a quite a bit of required fields now and it's a pain to fill all of them when I want to test the form. I'm using Eclipse IDE and I'm using the built in web browser and a web server to test the form. I already have code implemented to verify the input upon some basic requirements.
How can I auto fill my HTML form web page with various fields and various types of entry without having to change the code? This is only for testing purposes to verify that my form is producing the correct output given a set of inputs.
You could use a macro program to autofill the form. One such program is AutoHotkey. I am sure there is a more convenient way to do so. Of course, if you use autohotkey you should use the autowriter as well which can be found using this Stack Overflow post: https://superuser.com/questions/229720/where-can-i-find-a-macro-recorder-for-autohotkey Best of luck!
Use the value. Like this:
<input type="text" name="something" value="value here">
In case of a textarea:
<textarea cols="5" rows="5">value here</textarea>
I have a html form with some text input and a file input (image logo).
Now, if there is an error with one of the text inputs (like length is invalid) when the user click the submit button [client->server(php)->client], the content of the file input is cleared which is annoying!
I set others text input with last values when the page submits with an error, but I cant with a file input. I tried to set the file input value with document.getElementsByName('logo')[0].value; to set it in a hidden value but I got the path "C:\fakepath\random-0690.JPG"... this is so shocking, I know its for security purposes but it is shocking...
How i can resolve that? Thanks.
It's not possible. You cannot remotely set the value of a file input as a basic security measure. If you could, then it'd be trivial to do <input type="file" value="/etc/passwd" name="pwn3d" /> and steal any file you want from the user's machine.
There's nothing shocking about it at all. Live with it, or enjoy having your files stolen.
I found the answer !
This is simple, I created an AJAX call that send the form contents and validate if everything is okay. Then if there are errors, display these (and it will keep the values and file attachments in the form) .. Else : Send the post form and the attached file.
One field in our website's sign-up form is occasionally left blank yet we need it to include one sentence that for legal reasons must not be editable. This is then later used as part of the user's profile and will sit in the same place if they added content to that field too during the initial sign-up.
How can we populate this single field with an uneditable/undeletable sentence, yet allow text to be added above it if the user chooses to?
Currently the field in question looks like this:
<textarea name="description" id="eBann" rows="2" maxlength="1500" cols="20" onKeyUp="toCount('eBann','sBann','{CHAR} characters left',1500);"><?php echo $description;?></textarea>
Why don't you just use the input for the optional extras and put the uneditable part in the HTML directly below it? For the prompt use something like: "Here's our sentence, if you want to add your own comment, enter it here." In the form processing script, just concatenate it with the static sentence.
Any HTML form can be changed by the user (even if it says readonly). The only way to do this safely is either server-side when they submit the form, or server-side when you get and output the information.
EDIT:
With dual languages (I'm assuming human language, not programming!), you'll definitely want to output the string with the rest of the information, and never store it in a database. That'll help you in case you ever want to change what the string is, and also will allow localisation for different languages.
I'm setting up a contact form, but I have some saved information in some spans (It's an ecommerce shopping basket) and the built in checkout is awful so we're just slapping together an easy solution: turn it into an email form and email us the order instead of losing customers.
Anyway, can I use the info in the span, taking the id or name or do I have to turn it into an input? And if I do, how can I disable the input field?
Example of code I want to take into the email is in this jsFiddle, I want the spans with name="ACTUAL PRICE" etc emailed. Is this possible?
Thanks :)
Maybe you want to use a hidden input field.
<input type="hidden" name="key" value="foobar" />
It is not displayed, but can be used to submit information with the form.
You'd be far better off using hidden form fields if possible. Else if the user has JS disabled you may run in to issues down the line. Rare but possible.