[Vtigercrm-developers] webforms spammy content

Prasad prasad at vtiger.com
Tue Jul 27 06:00:33 GMT 2021 

Thanks Ruben. I did a quick review - can you please review the feedback on
code (minor).
Its ready to pick up once its done.

If you are too caught up let me know.

On Tue, Jul 27, 2021 at 4:50 AM Rubén A. Estrada Orozco <rulotec1 at gmail.com>
wrote:

> It appears that after the upgrade to 7.4 my changes to the webforms
> capture process were overwritten. So I guess the spammy content was in fact
> a bot.
>
> I've fixed it, cleaned up a bit and made a MR:
> https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832
>
> Even when the other captcha versión (v.1?) was in place, it wasn't
> correctly implemented as explained here:
> https://code.vtiger.com/vtiger/vtigercrm/issues/954
>
>  Saludos
>
> Rubén
>
>
> On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
> wrote:
>
>> That's the problem, technically and operationally!
>>
>> Technically bots can bypass your validations in different ways. This when
>> combined with the operational issue where 2 teams are involved, website dev
>> and crm dev teams, it becomes a pain to manage.
>>
>> However you can create abstraction such that the website team takes care
>> of client side validation and at CRM side we add event listeners to
>> sanitize/pre-process the form data.
>>
>> Potentially with this you can even map fields from Lead gen forms like on
>> FB, Insta, Webhooks data etc. to webforms :)
>>
>>
>>
>> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:
>>
>>> We generally pre-process/sanitise/validate the form before submitting to
>>> the vtiger webform.
>>>
>>> Al
>>>
>>>
>>> On 24/07/2021 11:00, nilay khatri wrote:
>>> > This is one of the discussions carried upon earlier, where I pointed
>>> to
>>> > trigger events on webform submissions.
>>> >
>>> > This is one of the example situations where you want to add some sort
>>> of
>>> > filter before the webform gets submitted.
>>> >
>>> > Another scenario is where you might like to lookup if there is an
>>> > existing contact based on email/phone and link the form data.
>>> >
>>> > BDW, captcha support is still not fixed/updated for webforms since 3
>>> years.
>>> >
>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>>> >
>>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>>> > <mailto:prasad at vtiger.com>> wrote:
>>> >
>>> >     Description text-area is capturing the incoming content as text and
>>> >     displaying it.
>>> >
>>> >     You can add a pre-save handler to pre-process and reject.
>>> >
>>> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>>> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>>> >
>>> >         Hi ,
>>> >
>>> >         I have a webform in a webpage with a  reCaptcha "I'm not a
>>> >         robot" checkbox.
>>> >
>>> >         However, lately I've been receiving leads in vtiger with a
>>> >         description like this:
>>> >
>>> >         Ideal para ti
>>> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl>"><img
>>> >         src="
>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>> >         <
>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>> >"
>>> >
>>>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>>> >         /></a>
>>> >
>>> >
>>> >         This is how I see it in Vtiger:
>>> >
>>> >         image.png
>>> >
>>> >         Not sure whether that's a hacking attempt and if I should be
>>> >         worried. Shouldn't the webforms module filter html tags and
>>> such
>>> >         kind of contents?
>>> >
>>> >         Please share your thoughts!
>>> >
>>> >         Saludos
>>> >
>>> >         Rubén
>>> >         _______________________________________________
>>> >         http://www.vtiger.com/ <http://www.vtiger.com/>
>>> >
>>> >     _______________________________________________
>>> >     http://www.vtiger.com/ <http://www.vtiger.com/>
>>> >
>>> >
>>> > _______________________________________________
>>> > http://www.vtiger.com/
>>> >
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210727/a0f9871c/attachment.html>

More information about the vtigercrm-developers mailing list