[Vtigercrm-developers] webforms spammy content

Prasad prasad at vtiger.com
Wed Jul 28 19:26:31 GMT 2021 

I meant - review the integrated code for any deviation.

On Wed, Jul 28, 2021 at 10:07 PM Rubén A. Estrada Orozco <rulotec1 at gmail.com>
wrote:

> Thanks Parsad!
>
> I'm not sure what you mean by "please run regression". Can you please
> explain?
>
> Saludos
>
> Rubén
>
>
> On Wed, Jul 28, 2021 at 7:24 AM Prasad <prasad at vtiger.com> wrote:
>
>> Dear Ruben,
>>
>> MR #832 accepted
>> <https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832> on master
>> - please run regression.
>>
>> Look forward for the next one.
>>
>> Regards,
>> Prasad
>>
>> On Tue, Jul 27, 2021 at 4:50 AM Rubén A. Estrada Orozco <
>> rulotec1 at gmail.com> wrote:
>>
>>> It appears that after the upgrade to 7.4 my changes to the webforms
>>> capture process were overwritten. So I guess the spammy content was in fact
>>> a bot.
>>>
>>> I've fixed it, cleaned up a bit and made a MR:
>>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832
>>>
>>> Even when the other captcha versión (v.1?) was in place, it wasn't
>>> correctly implemented as explained here:
>>> https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>
>>>  Saludos
>>>
>>> Rubén
>>>
>>>
>>> On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
>>> wrote:
>>>
>>>> That's the problem, technically and operationally!
>>>>
>>>> Technically bots can bypass your validations in different ways. This
>>>> when combined with the operational issue where 2 teams are involved,
>>>> website dev and crm dev teams, it becomes a pain to manage.
>>>>
>>>> However you can create abstraction such that the website team takes
>>>> care of client side validation and at CRM side we add event listeners to
>>>> sanitize/pre-process the form data.
>>>>
>>>> Potentially with this you can even map fields from Lead gen forms like
>>>> on FB, Insta, Webhooks data etc. to webforms :)
>>>>
>>>>
>>>>
>>>> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com> wrote:
>>>>
>>>>> We generally pre-process/sanitise/validate the form before submitting
>>>>> to
>>>>> the vtiger webform.
>>>>>
>>>>> Al
>>>>>
>>>>>
>>>>> On 24/07/2021 11:00, nilay khatri wrote:
>>>>> > This is one of the discussions carried upon earlier, where I pointed
>>>>> to
>>>>> > trigger events on webform submissions.
>>>>> >
>>>>> > This is one of the example situations where you want to add some
>>>>> sort of
>>>>> > filter before the webform gets submitted.
>>>>> >
>>>>> > Another scenario is where you might like to lookup if there is an
>>>>> > existing contact based on email/phone and link the form data.
>>>>> >
>>>>> > BDW, captcha support is still not fixed/updated for webforms since 3
>>>>> years.
>>>>> >
>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>>>>> >
>>>>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>>>>> > <mailto:prasad at vtiger.com>> wrote:
>>>>> >
>>>>> >     Description text-area is capturing the incoming content as text
>>>>> and
>>>>> >     displaying it.
>>>>> >
>>>>> >     You can add a pre-save handler to pre-process and reject.
>>>>> >
>>>>> >     On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>>>>> >     <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>>>>> >
>>>>> >         Hi ,
>>>>> >
>>>>> >         I have a webform in a webpage with a  reCaptcha "I'm not a
>>>>> >         robot" checkbox.
>>>>> >
>>>>> >         However, lately I've been receiving leads in vtiger with a
>>>>> >         description like this:
>>>>> >
>>>>> >         Ideal para ti
>>>>> >         <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl
>>>>> >"><img
>>>>> >         src="
>>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>>> >         <
>>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>>> >"
>>>>> >
>>>>>  alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>>>>> >         /></a>
>>>>> >
>>>>> >
>>>>> >         This is how I see it in Vtiger:
>>>>> >
>>>>> >         image.png
>>>>> >
>>>>> >         Not sure whether that's a hacking attempt and if I should be
>>>>> >         worried. Shouldn't the webforms module filter html tags and
>>>>> such
>>>>> >         kind of contents?
>>>>> >
>>>>> >         Please share your thoughts!
>>>>> >
>>>>> >         Saludos
>>>>> >
>>>>> >         Rubén
>>>>> >         _______________________________________________
>>>>> >         http://www.vtiger.com/ <http://www.vtiger.com/>
>>>>> >
>>>>> >     _______________________________________________
>>>>> >     http://www.vtiger.com/ <http://www.vtiger.com/>
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > http://www.vtiger.com/
>>>>> >
>>>>> _______________________________________________
>>>>> http://www.vtiger.com/
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210729/8f3b8dab/attachment-0001.html>

More information about the vtigercrm-developers mailing list