How to: Make ASP.net labels display dynamically on page - javascript

How do I make ASP.net labels display dynamically, that is, they should not take up any whitespace when not being used.
I have a good chunk of error message labels at the bottom of a form, which are set to remain hidden until the user makes an error on one of the text boxes (does not pass validation). This works, and they remain hidden; however, they still take up their respective white space, which causes the form to look goofy and unprofessional since there is a huge chunk of whitespace in the middle of the page.
I would like to make them appear, and only take up space, as needed, hopefully setting them to appear either in javascript or my vb.net codebehind. Creative solutions are welcome.
Sorry if this is a google-it type question, I did make an earnest effort to find it online and my googlefu was not strong.

A good control to use for validation messages is the validation summary control. In your code behind you can add your own errors as well as some automatic validations (i.e. required fields, etc)

I think the best way is to replace asp.net label with literal and wrap the literal with div. Then, you can hide or show the div. You won't need br tag.

Related

Honeypot spam trap conflicts with browsers auto-fill feature

As you may know, Chrome does not support:autocomplete="off", autocomplete="nope", autocomplete="false" or even autocomplete="new-password" any longer.
That means, from time to time, I do get reports that honeypot traps are preventing users from submitting forms, since the trap input is being auto-filled, even if not shown.
The practice for setting the trap is wrapping a TEXT input with a display:none; element, so spam bots won't be able to figure its really hidden (unless they are smarter and they usually aren't), and if this input has contents, you won't allow the submission to go through, as the field supposed to be hidden and empty for regular users.
What's your practice in using honeypot traps while still having browsers ignoring the demand for auto-complete or auto-fill by using the above arributes?
My current solution (October 2022) for a honeypot field looks like this:
Move the input field out of the visible area using css
Avoid name attributes that Chrome looks for when autofilling, like email, address, etc.
Do not wrap the honeypot input element with other elements that contain such keywords in their label or in name attribute
If you are using FormFind (which analyzes a page's source code and extracts the 'action' parameter and the input tags will find hidden fields. Hidden fields will not stop a spambot.
FormFind will find all the fields on a form from the HTML source code. And once you find the input fields - and the 'action' parameter (which FormFind does find) - its easy to use CURL or WGET to 'submit' the form.
Although reCAPTCHA will help with spambots, the only technique that I have found (and what I use in my solution) is to have some JavaScript code that will change the form's action parameter on a onclick/onfocus event. And if you put a delay in the JS function that changes the action parameter, that's a bonus spambot blocker.
Using JS to change things (or even to fill in a hidden field, if you insist on using one) is a good technique. CUSL and WGET cannot process JS code. (There was an open source project that claimed to be able to process JS code, but it was abandoned a couple of years ago.)
The JS trick is what I use in my contact form at my free FormSpammerTrap.com site. Code is free and open source. And the contact form there uses my technique. Have not gotten any spam via a spambot (automated process) from there. And I am working on a newer version that will add delays to even further block spammers.
Anyone is welcome to request the code to try it out. No charge. No fees. No advertising. No $$ benefit to me, other than how I use it on my sites to block spam.
So, using hidden fields to stop spambots is not going to work well. You have to have more layers of defense against them. Using JS code techniques is another layer that will help block almost all spambots. (There's no 100% solution, but I think mine is close - and it's been around for a couple of years.)
I removed the name variable from the input tag and this resolved the issue of the hidden honey pot fields getting autofilled...

Prevent line breaks in "alert" prompt in javascript

I know how to insert line breaks in a JavaScript alert (using '\n'), but how do I prevent them - that is, make the text remain on the same line within the alert.
I have a message I want to display that breaks on the last word of the sentence, leaving a very awkward looking message. So, for example, instead of this:
Please ensure proper text is entered into the form
The users sees this:
Please ensure proper text is entered into the
form
...quite unappealing.
I know I could alter the message to possibly make it shorter, but for future reference, I thought I would ask the question.
This isn't possible, because the styling of the alert dialog that appears depends completely on the browser's implementation. Different screen sizes and different browsers will enforce different maximum / minimum widths on these dialogs. Even shortening your text won't guarantee that it is restricted to one line on all browsers.
Your best solution would be to implement a JavaScript dialog of your own.
Javascript alerts are not customisable in this fashion because they are completely dependent on the browser itself. Consider using an in-DOM modal.
Unfortunately, there is no way to make the "alert" window wider, which means text that doesn't fit will wrap to the next line. I would suggest displaying the message in HTML instead.

Add a not-predefined amount of input boxes to a webpage (and use that with Google App Engine)

In GAE it's easy to set up an HTML page with 1 (or any other predefined number) of text input fields and then deal with the data you get. My question is how is it possible for a user to start with 1 text box, and using a button (like "Add more") to add any number of additional boxes he wants.
I'm not sure both about the HTML implementation of this (I think it'll require JS, but I'm pretty much a noob with these stuff), and the GAE implementation of this (How to write code that'll accept an arbitrary number of inputs?)
An answer to either would be very welcome; perhaps the GAE problem is not even a problem. It'll be easier for me to ponder on once I get the html/js part right.
The Answer depends on what size of information you expect. One option is an Expando Class where you add to it as needed.
Or the easier to implement if your input is small enough you probably can get away with a db.StringListProperty and use object.append(var) to add more fields in the post.
You will certainly need to use JavaScript to create the additional text boxes. Then loop through the submission in the post to add the data to either option.

Creating a form to input multiple contacts

I'm trying to devise a form that will allow me to input multiple contacts. It's a pretty long form so far and I want to keep it as short as possible. I was thinking of just having one set of fields for contact inputting which will add this contact to a list box or gridview but I'm not sure that is the most elegant solution. Could anyone else point me in the right direction to something good I can use?
I'm writing in HTML / asp.net / javascript.
Thanks,
Steve
I'm a big fan of the way Facebook does this in their new message popup. If you have an account, try creating a message and adding multiple contacts to the "To" box. Basically it's a big box with a list of contacts you've added. At the end is an inline borderless textbox to add the next contact. Clicking anywhere in the field focuses the hidden textbox at the end. At least that's how I think it works... If you decide you like it, maybe take a closer look at it using Firebug for Firefox. I'm not suggesting ripping off their code or anything, I just think it would be a good starting point for what your talking about.

Simple & basic form spam reduction: checking for Javascript?

I'm trying to reduce the form spam on our website. (It's actually pretty recent).
I seem to remember reading somewhere that the spammers aren't executing the Javascript on the site.
Is that true?
And if so, then could you simply check for javascript being disabled and then figure it's likely that it's spam?
There are still a large number of people that run with Javascript turned off.
Alternatively, I have had decent success with stopping form spam using CSS. Basically, include an input field and label that is hidden using CSS (display: none;) and once submitted, check if anything has been entered in the field.
I generally label the field as a spam filter with an instruction to not put anything in the field, but all newer browsers will properly hide the block.
More: Fighting Spam with CSS
reCAPTCHA is also surprisingly easy to implement.
check http://kahi.cz/wordpress/ravens-antispam-plugin/ for a nice answer
if puts in
<noscript><p><label for="websiteurl99f">Please type "e73053": </label><input type="text" name="websiteurl99f" id="websiteurl99f" /></p></noscript>
<script type="text/javascript">/* <![CDATA[ */ document.write('<div><input type="hidden" name="websiteurl99f" value="e' + '73053" \/><\/div>'); /* ]]> */</script>
so javascript users see nothing, non js users just type in a word
if a spammer targets you specifically it won't take them long to code round it but for drive by spammers it should be good
In the same vein, adding a dummy field and then using CSS to hide it is a good way to trick the bots. If the field is submitted, you know a non-human probably completed the form.
Especially effective if you label/name the field something along the lines of URL or website.
You could check - have JavaScript that populates a hidden form field with a specific value after the page loads. Then, when the page posts back to the server, check that hidden form field the expected value. If it is not there, that means the JavaScript didn't execute.
As to whether you should assume it is spam is another story altogether, and one that has no certain answer, really. You could simply have a <noscript> tag and have it indicate to the user that their submission will not take unless they enable JavaScript.
Once you have JavaScript running, however, the spammers will just use another workaround for that. :)
I can't remember where I've seen this method but spam bots like to fill out forms. Have you considered putting a form field that is hidden with javascript (and says don't fill this field if the user doesn't have JavaScript). This way if something fills in this field you can ignore it as spam.
Did you have any luck with this? I think some text based browsers have implemented basic JavaScript support, so maybe spam bots have as well?
Otherwise I'm considering using a captcha for users without JavaScript and some automatic JavaScript check for other users.

Categories

Resources