[Vtigercrm-developers] webforms spammy content

Rubén A. Estrada Orozco rulotec1 at gmail.com
Wed Jul 28 16:33:48 GMT 2021 

Thanks Parsad!

I'm not sure what you mean by "please run regression". Can you please
explain?

Saludos

Rubén


On Wed, Jul 28, 2021 at 7:24 AM Prasad <prasad at vtiger.com> wrote:

> Dear Ruben,
>
> MR #832 accepted
> <https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832> on master -
> please run regression.
>
> Look forward for the next one.
>
> Regards,
> Prasad
>
> On Tue, Jul 27, 2021 at 4:50 AM Rubén A. Estrada Orozco <
> rulotec1 at gmail.com> wrote:
>
>> It appears that after the upgrade to 7.4 my changes to the webforms
>> capture process were overwritten. So I guess the spammy content was in fact
>> a bot.
>>
>> I've fixed it, cleaned up a bit and made a MR:
>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832
>>
>> Even when the other captcha versión (v.1?) was in place, it wasn't
>> correctly implemented as explained here:
>> https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>
>>  Saludos
>>
>> Rubén
>>
>>
>> On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
>> wrote:
>>
>>> That's the problem, technically and operationally!
>>>
>>> Technically bots can bypass your validations in different ways. This
>>> when combined with the operational issue where 2 teams are involved,
>>> website dev and crm dev teams, it becomes a pain to manage.
>>>
>>> However you can create abstraction such that the website team takes care
>>> of client side validation and at CRM side we add event listeners to
>>> sanitize/pre-process the form data.
>>>
>>> Potentially with this you can even map fields from Lead gen forms like
>>> on FB, Insta, Webhooks data etc. to webforms :)
>>>
>>>
>>>
>>> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:
>>>
>>>> We generally pre-process/sanitise/validate the form before submitting
>>>> to
>>>> the vtiger webform.
>>>>
>>>> Al
>>>>
>>>>
>>>> On 24/07/2021 11:00, nilay khatri wrote:
>>>> > This is one of the discussions carried upon earlier, where I pointed
>>>> to
>>>> > trigger events on webform submissions.
>>>> >
>>>> > This is one of the example situations where you want to add some sort
>>>> of
>>>> > filter before the webform gets submitted.
>>>> >
>>>> > Another scenario is where you might like to lookup if there is an
>>>> > existing contact based on email/phone and link the form data.
>>>> >
>>>> > BDW, captcha support is still not fixed/updated for webforms since 3
>>>> years.
>>>> >
>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>>>> >
>>>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>>>> > <mailto:prasad at vtiger.com>> wrote:
>>>> >
>>>> >     Description text-area is capturing the incoming content as text
>>>> and
>>>> >     displaying it.
>>>> >
>>>> >     You can add a pre-save handler to pre-process and reject.
>>>> >
>>>> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>>>> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>>>> >
>>>> >         Hi ,
>>>> >
>>>> >         I have a webform in a webpage with a  reCaptcha "I'm not a
>>>> >         robot" checkbox.
>>>> >
>>>> >         However, lately I've been receiving leads in vtiger with a
>>>> >         description like this:
>>>> >
>>>> >         Ideal para ti
>>>> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl
>>>> >"><img
>>>> >         src="
>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>> >         <
>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>> >"
>>>> >
>>>>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>>>> >         /></a>
>>>> >
>>>> >
>>>> >         This is how I see it in Vtiger:
>>>> >
>>>> >         image.png
>>>> >
>>>> >         Not sure whether that's a hacking attempt and if I should be
>>>> >         worried. Shouldn't the webforms module filter html tags and
>>>> such
>>>> >         kind of contents?
>>>> >
>>>> >         Please share your thoughts!
>>>> >
>>>> >         Saludos
>>>> >
>>>> >         Rubén
>>>> >         _______________________________________________
>>>> >         http://www.vtiger.com/ <http://www.vtiger.com/>
>>>> >
>>>> >     _______________________________________________
>>>> >     http://www.vtiger.com/ <http://www.vtiger.com/>
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > http://www.vtiger.com/
>>>> >
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210728/b89fc9ee/attachment-0001.html>

More information about the vtigercrm-developers mailing list