Alternative for Form Action - javascript

I have this form in my web page
<form method="POST" action="http://www.example.com/gotothisURL">
........
Two buttons here , one for submit and one for validation
</form>
Now when I click "Submit" , the page is redirected to the URL, but it also does the same thing when I click "Validation". I don't want page to be redirected on click of "validation", but I do want to do some cross site validation on server side.

The validation should work in two steps. Firstly the form must validate on the client side, using JavaScript. Then once the client side script has determined the form is valid it can be sent to the server for further validation.
Unless there is a specific reason for the validation button I would avoid using this. Just allow the form to be validated by JavaScript when the user clicks submits, if it passes the initial validation then it can be sent to the server, otherwise, you can display relevant messages on the screen explaining to the user what they must do in order for the form to be valid.

Related

How to clear HTML form that handles file download and does not navigate away

I have a form that takes some input and sends a POST request back to a Spring Boot instance, which triggers a file download through content disposition header.
The browser handles the download perfectly but it does not navigate away from the page, which is the normal behavior.
Now, the inputs contain sensitive information that must not remain in the form.
I can only intercept the form's onsubmit function but I can not use ajax to make the requests because the server returns multiple pages depending the state of the data (i.e bad input, wrong information, etc)
Clearing the fields before submission erases the form and all data gets lost.
Is there a way to clear the fields before or after the form has been submitted?

When I perform the ajax request that performs sign up or login it doesn't work properly

I am trying to make a sign up and login forms in a project that follows MVC pattern. So we can divide the process into 3 parts: 1- the front-end which is html,css and javascript. 2-Server-side which is PHP 3- database which is MySQL. The problem I have is that when I submit the form either Login or sign up I get a strange behavior that depend on the values i'm sending to the PHP code.
for the sign up process. when I submit the email and password the ajax request send successfully the data and the username and password are correctly inserted into the database, but the on success function is not called. and the page is refreshed.
for the login processes. consider we have an already existing user in database 'user1#gmail.com' and password '1234'. if I entered the correct username and password I get the same behavior as the signup the page is refreshed and on success function is not called and the correct behavior that should happen based on the following codes that it should overwrite the page with the response, but if I send the correct username and password field is empty the onsuccess function is called and write in the document the response 'Hello from login wrong'. In the codes I wrote document.write() function to show only the response but it's not for the real implementation.
There are multiple ways to stop your form from submitting during ajax processing, one easy solution is to change your submit button to a button.
You do this by changing:
type="submit"
to
type="button"

How to prevent fake form validation

So I have page with simple form. To submit this form I need person submitting to check checkbox (some privacy policy etc).
I have the form like this:
<form role="form" class="form" id="zamowienie" action="send_order.php" method="post">
<button type="button" id="wyslijZamowienie">SEND</button>
<input type="checkbox" id="regCheckbox" value="">
</form>
(Of course, every distracting inputs are deleted.)
Then I have script that shall submit form only after checking the checkbox.
button.on("click",function(){
if ($("#regCheckbox").is(":checked")) $("#zamowienie").submit();
Unfortunately, I found out that user can change localy the button type from "button" to "submit" and he will be able to submit the form ignoring my submit protect script.
And additional question. I am not an expert but I started wandering what else can do user with FireBug or dev tools. Can he perform any attacks this way?
Many thanks for any answers or guidance.
The user is able to change your form in many other ways, not just changing the type attribute of the button, the best is to check it on the server side too, for example, you should do something like this:
Validate via Jquery:
$("#zamowienie").submit(function(e) {
if(!$('input[type=checkbox]#regCheckbox:checked').length) {
//stop the form from submitting
return false;
}
//Continue and submit the form
return true;
});
Validate in the backend:
If you are using PHP in the backend for example, you have to check if the checkbox is checked, with something like this:
Note: Your checkbox need a name attribute, let's say mycheckbox
if (isset($_POST['mycheckbox'])) {
//Process your form
}
else{
//Checkbox was not checked, print an error message or something
}
Always validate your code in the backend, the Javascript validation is just a plus for usability and User Experience.
That's one of the reasons why you always validate on the server.
There's no problem validating on the FrontEnd, but you need a double check from the server so you guarantee that all the data is as you expected.
As for the Firebug/Chrome Dev Tools question, anyone can pretty much edit everything from your FrontEnd. From CSS to JS. Even if you minify it!
Consider that the user can do everything he wants. He can modify everything in your form or even create another one targeting the same url and create a script to submit it 1000 times.
That's why you often read :
Never Trust User Input
This means you have to check the whole request on server side : check the method used, check that the fields you are expected are set with data types that you expect.
To summarize : Front end is just here to help the "usual" user to communicate with your server, but on server side (back end), you have to expect every input possible.

Posting data on server using asp.net

I have name and email id fields and want to post data to server to another website (if fields are valid) using form tags but i already have one form tag with runat="server", using second form tag causes second form to not show on page. I have JavaScript code to post data to server on form post. I saw something using action on button click, but how do i post data on button click
P.S I don't want to use iFrame, popup.
To send POST data on a form submit, try to use a submit button like this:
<input type="submit" value="POST_DATA" name="POST_PARAMETER_NAME">
Replace POST_DATA with your data you want to submit and replace POST_PARAMETER_NAME with the parameter name you want to access the data on the server.
If you already have a form on the page that uses asp.net web forms to communicate with the server then you would probably need to make an ajax request if you want to post back different data. This is quite easy these days using jQuery. The link bellow shows you how you may do this and how to create a web forms page that would accept your post. This way your current form and page would not need to change which is what it sounds like you are after.
http://encosia.com/using-jquery-to-directly-call-aspnet-ajax-page-methods/

Use javascript to control some html fields of a form before submitting

Before submitting a form, i use javascript code (surrounded in PHP) in order to make locally some controls but sometimes javascript may not be enabled client-side.
The fact is that I have to check by pattern/regex each control of the form for example checking email, phone number,.. format so that user cannot enter anything haphazardly. Therefore, if javascript is not enabled, the form must not be submitted, even if all field are fulfilled out.
Therefore my question is to know if there is a tag or function which allow to perform what i want to?
Thank for your help
JavaScript runs client-side.
That means that users have FULL CONTROL over it.
Then, if they want to disable it, you can't do anything about it.
The only thing you should do is be sure that users with JS disabled will be able to submit the form too.
If you use JS to validate the form, be aware that users have FULL CONTROL over it, so they can send the form if they want, even if your code says that it's invalid.
The right way to do it is:
Be sure users without javascript can send the form
Implement client-side validation for users with javascript activation. This way they will have a better user experience (because can know if the data is invalid immediately) and is less server intensive (your server will have to validate less invalid forms).
ALWAYS validate the submited form server-side. Data coming from a client is always UNTRUSTED, even if you think you have validated it.

Categories

Resources