[Vtigercrm-developers] webforms spammy content
Rubén A. Estrada Orozco
rulotec1 at gmail.com
Wed Jul 28 22:53:07 GMT 2021
Ok! got it!
We have a minor issue with the generated html code. I mentioned you on
GitLab.
Saludos
Rubén
On Wed, Jul 28, 2021 at 2:28 PM Prasad <prasad at vtiger.com> wrote:
> I meant - review the integrated code for any deviation.
>
> On Wed, Jul 28, 2021 at 10:07 PM Rubén A. Estrada Orozco <
> rulotec1 at gmail.com> wrote:
>
>> Thanks Parsad!
>>
>> I'm not sure what you mean by "please run regression". Can you please
>> explain?
>>
>> Saludos
>>
>> Rubén
>>
>>
>> On Wed, Jul 28, 2021 at 7:24 AM Prasad <prasad at vtiger.com> wrote:
>>
>>> Dear Ruben,
>>>
>>> MR #832 accepted
>>> <https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832> on master
>>> - please run regression.
>>>
>>> Look forward for the next one.
>>>
>>> Regards,
>>> Prasad
>>>
>>> On Tue, Jul 27, 2021 at 4:50 AM Rubén A. Estrada Orozco <
>>> rulotec1 at gmail.com> wrote:
>>>
>>>> It appears that after the upgrade to 7.4 my changes to the webforms
>>>> capture process were overwritten. So I guess the spammy content was in fact
>>>> a bot.
>>>>
>>>> I've fixed it, cleaned up a bit and made a MR:
>>>> https://code.vtiger.com/vtiger/vtigercrm/merge_requests/832
>>>>
>>>> Even when the other captcha versión (v.1?) was in place, it wasn't
>>>> correctly implemented as explained here:
>>>> https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>>
>>>> Saludos
>>>>
>>>> Rubén
>>>>
>>>>
>>>> On Sat, Jul 24, 2021 at 5:50 AM nilay khatri <nilay.spartan at gmail.com>
>>>> wrote:
>>>>
>>>>> That's the problem, technically and operationally!
>>>>>
>>>>> Technically bots can bypass your validations in different ways. This
>>>>> when combined with the operational issue where 2 teams are involved,
>>>>> website dev and crm dev teams, it becomes a pain to manage.
>>>>>
>>>>> However you can create abstraction such that the website team takes
>>>>> care of client side validation and at CRM side we add event listeners to
>>>>> sanitize/pre-process the form data.
>>>>>
>>>>> Potentially with this you can even map fields from Lead gen forms like
>>>>> on FB, Insta, Webhooks data etc. to webforms :)
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Jul 24, 2021 at 4:07 PM Alan Lord <alanslists at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> We generally pre-process/sanitise/validate the form before submitting
>>>>>> to
>>>>>> the vtiger webform.
>>>>>>
>>>>>> Al
>>>>>>
>>>>>>
>>>>>> On 24/07/2021 11:00, nilay khatri wrote:
>>>>>> > This is one of the discussions carried upon earlier, where I
>>>>>> pointed to
>>>>>> > trigger events on webform submissions.
>>>>>> >
>>>>>> > This is one of the example situations where you want to add some
>>>>>> sort of
>>>>>> > filter before the webform gets submitted.
>>>>>> >
>>>>>> > Another scenario is where you might like to lookup if there is an
>>>>>> > existing contact based on email/phone and link the form data.
>>>>>> >
>>>>>> > BDW, captcha support is still not fixed/updated for webforms since
>>>>>> 3 years.
>>>>>> >
>>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1266
>>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1266>
>>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/1265
>>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/1265>
>>>>>> > https://code.vtiger.com/vtiger/vtigercrm/issues/954
>>>>>> > <https://code.vtiger.com/vtiger/vtigercrm/issues/954>
>>>>>> >
>>>>>> > On Sat, Jul 24, 2021 at 11:55 AM Prasad <prasad at vtiger.com
>>>>>> > <mailto:prasad at vtiger.com>> wrote:
>>>>>> >
>>>>>> > Description text-area is capturing the incoming content as text
>>>>>> and
>>>>>> > displaying it.
>>>>>> >
>>>>>> > You can add a pre-save handler to pre-process and reject.
>>>>>> >
>>>>>> > On Sat, Jul 24, 2021 at 12:59 AM Rubén A. Estrada Orozco
>>>>>> > <rulotec1 at gmail.com <mailto:rulotec1 at gmail.com>> wrote:
>>>>>> >
>>>>>> > Hi ,
>>>>>> >
>>>>>> > I have a webform in a webpage with a reCaptcha "I'm not a
>>>>>> > robot" checkbox.
>>>>>> >
>>>>>> > However, lately I've been receiving leads in vtiger with a
>>>>>> > description like this:
>>>>>> >
>>>>>> > Ideal para ti
>>>>>> > <a href="https://bit.ly/3zqbZMl <https://bit.ly/3zqbZMl
>>>>>> >"><img
>>>>>> > src="
>>>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>>>> > <
>>>>>> https://lh3.googleusercontent.com/proxy/ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg
>>>>>> >"
>>>>>> >
>>>>>> alt="ytyaxlg_7yvuaSla5AjOvXO1TwrBllb1RPAeeb7BmRcerhx2vL2uWLEDUSctpRoSJ6U0pmbLdKKcRGIT33YX83kYY7Vg_cE_Hg"
>>>>>> > /></a>
>>>>>> >
>>>>>> >
>>>>>> > This is how I see it in Vtiger:
>>>>>> >
>>>>>> > image.png
>>>>>> >
>>>>>> > Not sure whether that's a hacking attempt and if I should be
>>>>>> > worried. Shouldn't the webforms module filter html tags and
>>>>>> such
>>>>>> > kind of contents?
>>>>>> >
>>>>>> > Please share your thoughts!
>>>>>> >
>>>>>> > Saludos
>>>>>> >
>>>>>> > Rubén
>>>>>> > _______________________________________________
>>>>>> > http://www.vtiger.com/ <http://www.vtiger.com/>
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > http://www.vtiger.com/ <http://www.vtiger.com/>
>>>>>> >
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > http://www.vtiger.com/
>>>>>> >
>>>>>> _______________________________________________
>>>>>> http://www.vtiger.com/
>>>>>
>>>>> _______________________________________________
>>>>> http://www.vtiger.com/
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
> _______________________________________________
> http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20210728/45890ca4/attachment.html>
More information about the vtigercrm-developers
mailing list