I have a confusion, i was going through a blog and in its comment it was suggested that target="_self" is vulnerable. It is true, if yes how we can fix it?
<form action="../process.php" method="post" name="login-form" target="_self">
<div class="FormItem">Username:
<span id="sprytextfield1">
<input class="textbox" type="text" name="text1" id="text1">
<span class="textfieldRequiredMsg">A value is required.</span></span>
</div>
<div class="clear"></div>
<div class="FormItem">Password:
<span id="sprypassword1">
<input class="textbox" type="password" name="password" id="password1">
<span class="passwordRequiredMsg">A value is required.</span></span>
</div>
<div class="FormItem">
<input name="login-submit" type="submit" value="SUBMIT">
</div>
</form>
it has nothing to do with security
the last time i used target, it was just to tell the form where the results are to be displayed, be it in the page itself, an iframe, or another frame in a frameset. as far as i know, it's pretty much useless.
here's a reference from sitepoint, indicating that "target" in forms are deprecated. (Hint: they died with Frameset)
The target attribute is deprecated, and, like the use of frameset for layout purposes, it’s no longer widely used. However, if you do find yourself having to maintain a frameset-based web site, you may wish to present the results of a form submission in a separate frame. For example, you might work with a two-framed page that displays the search form in the first frame and the search results in the second frame, refreshing only the results frame each time the form is submitted.
No target="_self" has nothing to do with it....
Related
I'm creating plugin in Wordpress with more steps form, and I would like to take some advice from you.
I've one function (using shortcode) with first form, after submit, I'd like to go on next step, but I don't know which solution is the best
My function:
function task_shortcode(){ ?>
<form id="form" action="" method="post">
<h3>Add new task</h3>
<div class="task-title">
<label>Title</label>
<input type="text" id="text" name="text">
</div>
<div class="task-description">
<label>Description</label>
<textarea id="desc" name="desc"></textarea>
</div>
<div class="task-new">
<input type="submit" id="create-task" name="create_new_task" value="Create new task">
</div>
</form>
<?php
}
add_shortcode('task_site','task_shortcode');
After that I want to go to another form and I dont know how to handle it. Using classic php action on submit button, or is there another solution?
I've found this, but I don't know if I can use it, because I want it to use on frontend.
https://www.sitepoint.com/handling-post-requests-the-wordpress-way/
Thanks for every advice
Just a brief question on the correct way to approach this. I am allowing form posts to a database without user registration, where each post will be reviewed. However, the page will be a multi-page form including file uploads.
What do I do if the user goes through the first few pages of submitting the form, including uploading files, and then abandons the form submission.
How do I go about cleaning up the unneeded data and uploaded files, whilst still making sure I don't remove it if they are in the process of posting it.
I was dealing with similar issue. My situation was a little bit different. I needed to give an option for the user to post an advertise and in the same time to allow him to upload images.
I approached this by putting a hidden field in the form that was holding the uploaded image filenames. For the upload itself I used ready library dropzone.js, as you already experience the problem with abandoned form process I simply decide to put the files in a temporary location /temp
and then if the form is actually completed then based on the value in the hidden field I am moving those images from the /temp to their permanent location. The leftovers in /temp folder can be easily then removed by a scheduled job that checks their creation time and deletes those that a day old for example.
Hope this gives you some ideas.
Another idea to make 1 huge form, but split it to several steps with JavaScript. Only button in last tabs submits form, while other buttons just show next step. You can do weak validation with after "next" action, and strong validation on server after form is submitted.
http://jsfiddle.net/ht227xy3/1/
<script>
function switcher(activeBlock, passiveBlocks){
document.getElementById(activeBlock).style.display='';
for (i in passiveBlocks){
if (document.getElementById(passiveBlocks[i]))
document.getElementById(passiveBlocks[i]).style.display='none';
}
return false;
}
</script>
<form onsubmit="alert('Now form submits!!!')" action="" method="post">
<div id="first" class="tab">
<h3>Step 1 of 4</h3>
<b>Field 1:</b> <input type="text" name="field1" value="" /><br />
<br />
<button type="button" onclick="switcher('second', ['first','third','fourth']);">Next</button>
</div>
<div style="display:none;" id="second" class="tab">
<h3>Step 2 of 4</h3>
<b>Alt 1:</b> <input type="text" name="alt1" value="" /><br />
<br />
<button type="button" onclick="switcher('third', ['first','second','fourth']);">Next</button>
</div>
<div style="display:none;" id="third" class="tab">
<h3>Step 3 of 4</h3>
<b>Extra 1:</b> <input type="text" name="extra1" value="" /><br />
<br />
<button type="button" onclick="switcher('fourth', ['first','second','third']);">Next</button>
</div>
<div style="display:none;" id="fourth" class="tab">
<h3>Step 4 of 4</h3>
<b>File 1:</b> <input type="file" name="file1" /><br />
<br />
<input type="submit" value="Submit" />
</div>
</form>
I have a free form search that I moved from my main content to my header. Once I moved the form into the header the text inside of it stopped showing. The placeholder works but when you begin typing it is completely blank. The search and the functionality work perfectly, I just cannot see what I am typing. Any ideas?
<form class="search" action="/all-results/" method="get">
<fieldset>
<span class="text"><input name="searchProducts" value="All" type="hidden">
<input type="hidden" name="search_selection" value="all">
<input name="byString" id="s" type="text" value="" placeholder="<?php echo __('Search','Avada'); ?>" /></span>
</fieldset>
<form name="input" action="/all-results/" method="get">
<input type="submit" id="search_button" value="Search">
</form>
</form>
Your HTML is invalid. You can not nest a <form> element inside another <form>. Messing up forms and tables are two of the best ways to produces peculiar browser behaviour, so my guess is that this is your problem.
If you correct your HTML (validate it!) and the problem persists, then post a minimal HTML page with CSS so that there is something for us to debug.
Can anyone tell me why my anchor tags do not work? They simply load the external page but do not bring you to the correct div down the page.
This is the code on my .php page
</td><td class="shorter">
<input name="txt2nd" class="numbersOnly" type="number" id="txt2nd"></td>
<td class="shortest">
<a href="update.html#update_show" rel="external" id="update"><img class="update" alt="update price" src="images/update.png">
</a></td>
</tr>
Which should then load an external page at the point of the anchor id. This is what the code on that page looks like:
<div class="text-bg">
<form method="post" data-ajax="false" id="update_show" action="php/input_shows.php">
<p><label for="name">Your name</label><input type="text" size="30" name="name" id="name" /></p>
<p><label for="price">Price of a show</label><input type="number" step="any" min="0" name="price" id="price" cols="5" /></p>
<p><input type="submit" value="Update" name="commit" id="message_submit"/> or
<a rel="external" href="budget.html">Cancel</a></p>
</form>
I'm not sure where I'm going wrong or if this caused by some conflict with jQuery mobile I am not aware of. I'm hoping you guys will notice something really simple.
On the external page you need an anchor tag for it to link to, not any element with an id. <a name="update_show"></a> just above the form.
Update:
As suggested by #Marko D you don't need the named anchor tag. I would make an assumption that it doesn't work due to JS.
I'm pretty sure I have the answer to this, which I posted here:
https://stackoverflow.com/a/15553746/1462775
NOTE: This should probably just be added as a comment to the above question, but I don't have enough points yet to do that. :(
I'd like to use a contact form for a website I'm creating, but PHP is not an option since the client doesn't wish to use it. Is there a clever way to work around this somehow, by sending email parameters (which is non-standard) perhaps, or by using an external contact form? Are there any good ones that don't use advertising and are easily modified to a different language for example?
Thank you.
Check out formspree.
https://github.com/asm-products/formspree
For action you simply put:
<form action="http://formspree.io/you#email.com" method="post">
<input type="text" name="name">
<input type="email" name="_replyto">
<input type="submit" value="Send">
After verifying your email after the first send this will email you the contents of the form. One thing to keep in mind is that this will take the input names. If you do not include input names it won't send you that form field.
There are hundreds of embeddable (most likely iframe-based) solutions for contact forms, which would enable you to get around using a server-side language like PHP. Just a quick google search will give you some.
Alternatively, you could make a form in HTML, and have a submit button which is actually a mailto: link, and you modify the parameters of that mailto as your form inputs change.
The only downside of this is that it's not as convenient for the user, as it then opens up their email client and they have to actually send it.
Personally, I would try and persuade the client, but if that isn't possible, then those are your options.
Check out www.enformed.io.
Has a couple of interesting options that formspree does not have( Like redirect out of the box, and a html email editor).
I used Formspree but formspree doesn't allow ajax unless you have Gold Version. It doesn't work on the basic so I am planning on making an account on enformed.io. I still haven't used it but I have heard that t is very good. You can also use alerts fro success and error messages.
<form style="margin-left: 6%;" class="email" action="https://www.enformed.io/YOUR_TOKEN" method="post">
<p>Name:</p>
<input type="text" name="first_name" />
<div id="margin" style="height: 0.5%;"></div>
<p>E-mail:</p>
<div id="margin" style="height: 0.5%;"></div>
<input type="text" name="email" />
<div id="margin" style="height: 0.5%;"></div>
<p>Subject:</p>
<div id="margin" style="height: 0.5%;"></div>
<input type="text" name="subject" />
<div id="margin" style="height: 0.5%;"></div>
<p>Message:</p>
<div id="margin" style="height: 0.5%;"></div>
<textarea name="message"></textarea>
<div id="margin" style="height: 0.5%;"></div>
<button type="submit" class="btn btn-default">Submit Form</button>
</form>
Would something as simple as a mailto form work?