[Vtigercrm-developers] webforms spammy content

Rubén A. Estrada Orozco rulotec1 at gmail.com
Mon Jul 26 23:17:17 GMT 2021 

It appears that after the upgrade to 7.4 my changes to the webforms capture
process were overwritten. So I guess the spammy content was in fact a bot.

I've fixed it, cleaned up a bit and made a MR:
https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832

Even when the other captcha versión (v.1?) was in place, it wasn't
correctly implemented as explained here:
https://code.vtiger.com/vtiger/vtigercrm/issues/954

 Saludos

Rubén


On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
wrote:

> That's the problem, technically and operationally!
>
> Technically bots can bypass your validations in different ways. This when
> combined with the operational issue where 2 teams are involved, website dev
> and crm dev teams, it becomes a pain to manage.
>
> However you can create abstraction such that the website team takes care
> of client side validation and at CRM side we add event listeners to
> sanitize/pre-process the form data.
>
> Potentially with this you can even map fields from Lead gen forms like on
> FB, Insta, Webhooks data etc. to webforms :)
>
>
>
> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:
>
>> We generally pre-process/sanitise/validate the form before submitting to
>> the vtiger webform.
>>
>> Al
>>
>>
>> On 24/07/2021 11:00, nilay khatri wrote:
>> > This is one of the discussions carried upon earlier, where I pointed to
>> > trigger events on webform submissions.
>> >
>> > This is one of the example situations where you want to add some sort
>> of
>> > filter before the webform gets submitted.
>> >
>> > Another scenario is where you might like to lookup if there is an
>> > existing contact based on email/phone and link the form data.
>> >
>> > BDW, captcha support is still not fixed/updated for webforms since 3
>> years.
>> >
>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>> >
>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>> > <mailto:prasad at vtiger.com>> wrote:
>> >
>> >     Description text-area is capturing the incoming content as text and
>> >     displaying it.
>> >
>> >     You can add a pre-save handler to pre-process and reject.
>> >
>> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>> >
>> >         Hi ,
>> >
>> >         I have a webform in a webpage with a  reCaptcha "I'm not a
>> >         robot" checkbox.
>> >
>> >         However, lately I've been receiving leads in vtiger with a
>> >         description like this:
>> >
>> >         Ideal para ti
>> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl>"><img
>> >         src="
>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>> >         <
>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>> >"
>> >
>>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>> >         /></a>
>> >
>> >
>> >         This is how I see it in Vtiger:
>> >
>> >         image.png
>> >
>> >         Not sure whether that's a hacking attempt and if I should be
>> >         worried. Shouldn't the webforms module filter html tags and such
>> >         kind of contents?
>> >
>> >         Please share your thoughts!
>> >
>> >         Saludos
>> >
>> >         Rubén
>> >         _______________________________________________
>> >         http://www.vtiger.com/ <http://www.vtiger.com/>
>> >
>> >     _______________________________________________
>> >     http://www.vtiger.com/ <http://www.vtiger.com/>
>> >
>> >
>> > _______________________________________________
>> > http://www.vtiger.com/
>> >
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210726/12769b6d/attachment.html>

More information about the vtigercrm-developers mailing list