[Vtigercrm-developers] webforms spammy content

nilay khatri nilay.spartan at gmail.com
Sat Jul 24 10:48:20 GMT 2021


That's the problem, technically and operationally!

Technically bots can bypass your validations in different ways. This when
combined with the operational issue where 2 teams are involved, website dev
and crm dev teams, it becomes a pain to manage.

However you can create abstraction such that the website team takes care of
client side validation and at CRM side we add event listeners to
sanitize/pre-process the form data.

Potentially with this you can even map fields from Lead gen forms like on
FB, Insta, Webhooks data etc. to webforms :)



On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:

> We generally pre-process/sanitise/validate the form before submitting to
> the vtiger webform.
>
> Al
>
>
> On 24/07/2021 11:00, nilay khatri wrote:
> > This is one of the discussions carried upon earlier, where I pointed to
> > trigger events on webform submissions.
> >
> > This is one of the example situations where you want to add some sort of
> > filter before the webform gets submitted.
> >
> > Another scenario is where you might like to lookup if there is an
> > existing contact based on email/phone and link the form data.
> >
> > BDW, captcha support is still not fixed/updated for webforms since 3
> years.
> >
> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
> >
> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
> > <mailto:prasad at vtiger.com>> wrote:
> >
> >     Description text-area is capturing the incoming content as text and
> >     displaying it.
> >
> >     You can add a pre-save handler to pre-process and reject.
> >
> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
> >
> >         Hi ,
> >
> >         I have a webform in a webpage with a  reCaptcha "I'm not a
> >         robot" checkbox.
> >
> >         However, lately I've been receiving leads in vtiger with a
> >         description like this:
> >
> >         Ideal para ti
> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl>"><img
> >         src="
> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
> >         <
> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
> >"
> >
>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
> >         /></a>
> >
> >
> >         This is how I see it in Vtiger:
> >
> >         image.png
> >
> >         Not sure whether that's a hacking attempt and if I should be
> >         worried. Shouldn't the webforms module filter html tags and such
> >         kind of contents?
> >
> >         Please share your thoughts!
> >
> >         Saludos
> >
> >         Rubén
> >         _______________________________________________
> >         http://www.vtiger.com/ <http://www.vtiger.com/>
> >
> >     _______________________________________________
> >     http://www.vtiger.com/ <http://www.vtiger.com/>
> >
> >
> > _______________________________________________
> > http://www.vtiger.com/
> >
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210724/1e9ed024/attachment.html>


More information about the vtigercrm-developers mailing list