My company's app builds simple forms that people can use on their websites to get information into our app. We have a generic form response script that each of these forms submits to, to gather and parse the webform responses.
We're encountering form values that look a lot like the values in Google Analytics cookies (utmz, utmsc, utmccn) The cookies are clearly not part of the form fields. The form is being done with a simple HTML form submit, so I'm at a loss how these values are getting appended on to the post.
Here's a sample form submission:
http://website.com/submit.php?&clientGuid=2342342abcde23423423&webformid=12&prospect_id=12345&custom_Register_or_Dance_the_Chicken=Register&__utma=84164169.205192989.1344888984.1346176569.1346178936.47&__utmc=84164169&__utmz=84164169.1344888984.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Under what circumstances would a browser submit cookies along with a form submit? Is there a way to prevent it?
This looks like cross-domain user tracking... From the Google Analytics docs for _linkByPost():
The _linkByPost() method passes the GATC cookies from the referring form to another site in a string appended to the action value of the form (HTTP POST).
If there's no onsubmit='...' code directly on the form, it might be attached via jQuery or some other method.
It may be due to Google Chrome adding them to your form variables on submission...
Related
I'm having big problems with the Chronoforms V5 - Content Plugin for Joomla.
If I send the form without integrating it in an article the Captcha will validated correctly, but if I use the Content-Plugin in an article, everytime the message "The entered verification code is wrong" appears.
Maybe one of you can help me????
If you have caching on then an older version of the form may be served and the token in that will not match to the current user. In that case you need to use one of the anti-spam methods that does not rely on a matched token like a Google captcha.
If there is more than one form in the page and you have Relative URL set to Yes then the form may be submitting to the 'other' form URL - this would also give a mismatched token.
My angular application needs to submit a form to a vendor. They then redirect the user to a page that I specified earlier in the process.
So I want standard, non-angular html form submit behaviour.
The documentation (details below) makes it sound like all I need to do is add an action attribute to my form element. I have tried this and it does not work.
Has anyone used this functionality in angular? Is there another step that I am missing?
The relevant section of the documentation at https://docs.angularjs.org/api/ng/directive/form is:
Submitting a form and preventing the default action
Since the role of forms in client-side Angular applications is different than in classical roundtrip apps, it is desirable for the browser not to translate the form submission into a full page reload that sends the data to the server. Instead some javascript logic should be triggered to handle the form submission in an application-specific way.
For this reason, Angular prevents the default action (form submission to the server) unless the element has an action attribute specified.
Angular does that. When you provide an action on the form, it should do exactly what you're trying to do (do a javascript thing, then submit the form).
Here is a plunk
In the plunk, you can see the $scope.submitted say 'submitted' just before the form submission kicks the page over to the submitted.html
I'm looking to pass data from a form into an iFrame, but I have a slight problem.
The form page I can edit with no restrictions
The page I send the data to I cannot edit unless its html or JavaScript
The data needs to end up in an iframe within this page, which I can edit with no restrictions
I'm incorporating a search function into a CMS system which is why I cannot edit the iframe's parent page, and why I am using iframes at all.
At the moment the data sends to the parent page but is not picked up within the iframe, I am sending via the POST method.
I got it..
Added and extra page which converted the post data into session data,
if anyone knows a better way i would like to hear it though.
And they are the same domain, but editing the CMS system would have taken ages to look through as its not mainstream or developed by me.
Maybe I'm oversimplifying the problem, but can't you use the "target" attribute of the form tag to post to the Iframe?
I have an HTML form that uses the Facebook registration plugin. I have a couple of custom text fields (the kind that are included in the iFrame itself).
Whether user prefills the form using Facebook. or enters the data himself, I am able to store all values in my database without.
At the end of my post method, I redirect to load the same page. At this point, I would like to populate the fields from the data in my database. By which I mean, if the user logs off Facebook, on this page, he should still see the data that he has submitted to my database.
How do I set values for the fields (both custom and regular fields) in the registration form?
Should I say document.getElementById('field_name').value = "hello"?
Well it depends which technology you are using to generate the pages. That would be good to know. You most likely would have the JSP/ASP/PHP prepopulate those fields with from the data as it sends the HTML to the user.
I would like to have a user redirected to an external credit card gate. Of course I have to POST some user info to that gate, but I don't know how exactly can I do this.
I know that I could do this by generating a html form with hidden or read-only fields and have a user click "Submit" button. But this solution is not perfect, because all the form data could be easily changed using e.g. Firebug. I think you cannot do this using $this->_redirect(...). But maybe there is some other solution?
Many thanks for any tips or suggestions.
I would like to have a user redirected to an external credit card gate. Of course I have to POST some user info to that gate, but I don't know how exactly can I do this.
Using a form is the only method available. The RFC states that the user should explicitly agree to sending a POST (i.e. click on a submit button).
I know that I could do this by generating a html form with hidden or read-only fields and have a user click "Submit" button. But this solution is not perfect, because all the form data could be easily changed using e.g.
It is no more secure that using a redirect as the header data can be modified without too much of a problem. There are even Firefox plugins to do it.
use cURL to post data
http://framework.zend.com/manual/en/zend.http.client.adapters.html