A lot of folks on Stack Overflow are probably trying to fix forms that don't submit, but I'm actually hoping to do the opposite!
What I'd like to do for an art project is make a form with a "joke" field -- say, your SSN, your bank account number, your fingerprints or retina scans or DNA code, or something super personal like that. But I don't want the number in our server logs, and I don't want it to be transmitted over the internet at all. I don't want any legal liability!
Basically the idea is just to ask for something audacious, but not to handle the data that may or may not come from users who actually put it in.
So, is there a way to make a field that acts as a normal form field, but where nonetheless we would feel "safe" that users who actually do put their sensitive info in the field will be protected?
What's the "safest" approach to something like this?
Form fields require a name to be submitted:
If any of the following conditions are met, then skip these substeps for this element:
[…]
The field element is not an input element whose type attribute is in the Image Button state, and either the field element does not have a name attribute specified, or its name attribute's value is the empty string.
[…]
So you could simply use an input without name attribute:
<input type="text">
Be careful with your "jokes", if you want that the information of the field is not submitted, then, you can simply leave it out of the form element like this:
<form action="... >
<input type="... >
</form>
<input type="... > <!-- This field won't be submitted-->
Related
I'm trying to get the name of the campaign where the person opened the form and save it in the supplemental table of the form.
I saw that it has the campaignname() function but I didn't know how to use it.
the form call in the body of the email:
$personalizedform('test_form', 'EMAIL_ADDRESS_',concat(CAMPAIGN_NAME=campaignname()))$
and the hidden field in the form:
<input type="hidden" name="CAMPAIGN_NAME" value="$CAMPAIGN_NAME$">
i managed to figure out how to do this and it was really dumb of me not to notice it but i can just use campaign.name in the form call
Based on what the limited information, I'd think that you'd want to write your form input to a supplemental table using the form rules, and have the input name/id match a column in your supplemental table.
The freemarker/RPL code to pass campaign name to a form would look something like this: ${form('test_form','EMAIL_ADDRESS_','CAMPAIGN_NAME='+campaign.name())}
Sources:
Responsys Form Method
Responsys Namespace Reference
I'm trying to remove the autocomplete="off" attribute from the input field for the email recipient field
The code of the input field is as follows:
<input
class="ac_input yui-ac-input"
size="96"
id="addressTO1"
title="An"
name="addressTO1"
onkeyup="SE.composeLayout.showAddressDetails(this);"
autocomplete="off" type="text">
Is there a setting that can be accessed via the GUI that changes the behaviour of the email "to" field or what would be the best way to turn on the autocomplete functionality.
Just removing it does not work, as there is some javascript functionality there, that keeps bringing it back.
I'm using suiterCRM version 7.6.5
Sugar Version 6.5.23.
There is no GUI for changing that, the autocomplete=off is hardcoded.
The TO field (addressTO1 dynamically generated name) is not a regular text input field, it will support multiple emails separated by comma, so a autocomplete="email" will not work.
The only solution I could come up with is for you to create a javascript function and attach to the keyup event of the field and show your logic.
Also you will need to save previously filled input with the answers and provide a mechanism to delete that. Not an easy solution I am afraid.
What I have is a form website page that will automatically fill out the required form with the information entered from the form website page. What I am trying to figure out is if #session.checkout.info.firstname_2# does not exist how do you skip it and not make the form worry about it?
So there are two fields one for owner and the other for co-owner, if there is only one owner the page is not opening the form because its looking for something to be entered as firstname_2 but if both owner and co-owner are entered it works fine because all fields are then entered. Does anyone know how I can make it only worry about the fields that have been submitted from the first form and ignore the sessions that have not yet been entered?
<cfif len(#session.checkout.info.firstname_2#)>
<cfpdfformparam
name="co-owner name"
value="#session.checkout.info.firstname_2# #session.checkout.info.middlename_2# #session.checkout.info.lastname_2#">
</cfif>
You can use isDefined to check that the variable does not exist.
<cfif isDefined("session.checkout.info.firstname_2")>
<cfpdfformparam
name="co-owner name"
value="#session.checkout.info.firstname_2# #session.checkout.info.middlename_2# #session.checkout.info.lastname_2#">
</cfif>
If you also need to check length you can combine the above if with what you've written.
Generally it's a better practice to use structKeyExists() but when there are multiple item that may not exist it can be cumbersome, i.e. structKeyExists(session, 'checkout') && structKeyExists(session.checkout, 'info') && structKeyExists(session.checkout.info, 'firstname_2')
I have a safe cracker form that allows a logged in member to submit an entry (a vote, actually). When they submit their vote, I want to prevent them from ever being able to submit an entry to this channel again. Is that possible? If so, how? Something automatic that either sets a member variable or searches some field to see if a member has submitted or something.
Couldn't you just wrap something like this
{exp:channel:entries channel='votes' author_id='{logged_in_member_id}' dynamic='off'}
{if total_results == 0}
{!-- allow a new entry --}
{/if}
{/exp:channel:entries}
around some or all of you voting form?
Is it possible to validate a radio group (so something is checked off, or chosen) using server-side validation with Perl? If so, how?
I already have it for JavaScript, but I want this form to be able to be submitted even without JavaScript enabled. Thus I will need the validation on the server-side.
There is no fixed name for the radio group, it can change, however there must be a name, so that #names = $cgi->param() will give all the names.
I'm thinking along something that will give me the type, like the type in JavaScript, to determine if it's a radio button in a group.
Your CGI script receives form fields as name-value pairs without any information as to what type of visual form element generated the values.
Your CGI script must know the names of the input variables whose values it is going to validate. Having the names supplied to the script based on untrusted user input is risky IMHO—that includes using another field whose value is the name of the radio group.
Say, you have a variable called contact_me which can take on values "yes" and "no". There is absolutely no reason for your CGI script to care if the value was provided using
<select name="contact_me">
<option value="yes" selected="1">Please do!</option>
<option value="no">Oh no!!!</option>
</select>
or using
<input type="radio" name="contact_me" value="yes" checked="1">
<input type="radio" name="contact_me" value="no">
or if the user typed her answer into the text field
<input name="contact_me">
The only thing your CGI script needs to concern itself with is if the value of contact_me is "yes" or "no".
It looks like you do not have a firm grasp of CGI. Please see The World Wide Web Security FAQ: CGI (Server) Scripts as a starting point.
Please stop all of your CGI development until you understand the ramifications. I retract this remark in light of your comments clarifying the use of a config file to define parameter names (which, in principle, is orders of magnitude safer).
Pass another hidden input field containing the name of the radiogroup, then just read
#values = $cgi->param($cgi->param("radiogroup_name")); // IIRC