[Vtigercrm-developers] webforms spammy content

Prasad prasad at vtiger.com
Wed Jul 28 12:23:02 GMT 2021 

Dear Ruben,

MR #832 accepted
<https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832> on master -
please run regression.

Look forward for the next one.

Regards,
Prasad

On Tue, Jul 27, 2021 at 4:50 AM Rubén A. Estrada Orozco <rulotec1 at gmail.com>
wrote:

> It appears that after the upgrade to 7.4 my changes to the webforms
> capture process were overwritten. So I guess the spammy content was in fact
> a bot.
>
> I've fixed it, cleaned up a bit and made a MR:
> https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832
>
> Even when the other captcha versión (v.1?) was in place, it wasn't
> correctly implemented as explained here:
> https://code.vtiger.com/vtiger/vtigercrm/issues/954
>
>  Saludos
>
> Rubén
>
>
> On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
> wrote:
>
>> That's the problem, technically and operationally!
>>
>> Technically bots can bypass your validations in different ways. This when
>> combined with the operational issue where 2 teams are involved, website dev
>> and crm dev teams, it becomes a pain to manage.
>>
>> However you can create abstraction such that the website team takes care
>> of client side validation and at CRM side we add event listeners to
>> sanitize/pre-process the form data.
>>
>> Potentially with this you can even map fields from Lead gen forms like on
>> FB, Insta, Webhooks data etc. to webforms :)
>>
>>
>>
>> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:
>>
>>> We generally pre-process/sanitise/validate the form before submitting to
>>> the vtiger webform.
>>>
>>> Al
>>>
>>>
>>> On 24/07/2021 11:00, nilay khatri wrote:
>>> > This is one of the discussions carried upon earlier, where I pointed
>>> to
>>> > trigger events on webform submissions.
>>> >
>>> > This is one of the example situations where you want to add some sort
>>> of
>>> > filter before the webform gets submitted.
>>> >
>>> > Another scenario is where you might like to lookup if there is an
>>> > existing contact based on email/phone and link the form data.
>>> >
>>> > BDW, captcha support is still not fixed/updated for webforms since 3
>>> years.
>>> >
>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>>> >
>>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>>> > <mailto:prasad at vtiger.com>> wrote:
>>> >
>>> >     Description text-area is capturing the incoming content as text and
>>> >     displaying it.
>>> >
>>> >     You can add a pre-save handler to pre-process and reject.
>>> >
>>> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>>> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>>> >
>>> >         Hi ,
>>> >
>>> >         I have a webform in a webpage with a  reCaptcha "I'm not a
>>> >         robot" checkbox.
>>> >
>>> >         However, lately I've been receiving leads in vtiger with a
>>> >         description like this:
>>> >
>>> >         Ideal para ti
>>> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl>"><img
>>> >         src="
>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>> >         <
>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>> >"
>>> >
>>>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>>> >         /></a>
>>> >
>>> >
>>> >         This is how I see it in Vtiger:
>>> >
>>> >         image.png
>>> >
>>> >         Not sure whether that's a hacking attempt and if I should be
>>> >         worried. Shouldn't the webforms module filter html tags and
>>> such
>>> >         kind of contents?
>>> >
>>> >         Please share your thoughts!
>>> >
>>> >         Saludos
>>> >
>>> >         Rubén
>>> >         _______________________________________________
>>> >         http://www.vtiger.com/ <http://www.vtiger.com/>
>>> >
>>> >     _______________________________________________
>>> >     http://www.vtiger.com/ <http://www.vtiger.com/>
>>> >
>>> >
>>> > _______________________________________________
>>> > http://www.vtiger.com/
>>> >
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210728/5e854dc0/attachment.html>

More information about the vtigercrm-developers mailing list