Re: [Cppcms-users] Why wikipp calls document.write() to generate simple <form> tag?
From: CN <cn...@fa...> - 2016-01-25 09:51:42
Aha! Artyom, many thanks again for yet another precious lesson of
secured HTML design!
I do not see this recipe in the tutorial. Isn't it a good idea to add it to
the "security design" chapter?
Best Regards,
CN
On Mon, Jan 25, 2016, at 05:34 PM, Artyom Beilis wrote:
> It is a simple spam robot filter.
>
> i.e. most spam bots search HTML for the form tag and look for the post address
> to send some garbage.
> Most of them do not run JavaScript so they wouldn't find the address
> to post data unless they
> write specific code for wikipp - which likely isn't something bot
> writers would bother with.
>
> Simple yet efficient anti-robot security layer.
>
> Artyom
>
> On Mon, Jan 25, 2016 at 11:25 AM, CN <cn...@fa...> wrote:
> > Hello!
> >
> > I noticed the part of file "page.tmpl" below in wikipp a long time ago.
> >
> > <script type="text/javascript">
> > <!--
> > document.write('<for')
> > document.write('m actio')
> > document.write('n="')
> > document.write('<%= submit %>" me')
> > document.write('thod="po')
> > document.write('st">')
> > -->
> > </script>
> >
> > I have no idea about the moral of such design, but I did not ask why. I
> > think I should not keep pretending to understand it any more! What is
> > funny is that trying to figure out why, I ended up running into an
> > article saying that document.write() doesn't work with Firefox when it
> > encounters xhtml :-)
> >
> > Could anyone clarify for me:
> > Why is the most simple and straightforward HTML code "<form>" not used
> > instead?
> >
> > Thank you in advance!
> > Best Regards,
> > CN
> >
> > _______________________________________________
> > Cppcms-users mailing list
> > Cpp...@li...
> > https://lists.sourceforge.net/lists/listinfo/cppcms-users
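The effect described in the reply above, as an added example that is not part of the thread or of wikipp's code: a static HTML parse finds the form's post address in plain markup but finds nothing when the opening tag is emitted through split `document.write()` calls. The names `split_form_tag`, `FormFinder` and `static_form_actions`, the sample URL and the sample page body are all constructed for illustration.

```python
import html
import json
from html.parser import HTMLParser


def split_form_tag(action, size=4):
    """Emit a <script> that writes the opening <form> tag in short pieces.

    No piece is longer than `size` characters, so tokens such as "<form"
    or "action=" never appear contiguously in the page source.
    """
    # Escape the URL for the HTML attribute it ends up in once written.
    tag = '<form action="%s" method="post">' % html.escape(action, quote=True)
    pieces = [tag[i:i + size] for i in range(0, len(tag), size)]
    # json.dumps yields a quoted, escaped string literal that is valid JavaScript.
    calls = "\n".join("document.write(%s)" % json.dumps(p) for p in pieces)
    return '<script type="text/javascript">\n%s\n</script>' % calls


class FormFinder(HTMLParser):
    """Static parser: records the action of every <form> start tag it sees."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action"))


def static_form_actions(page):
    finder = FormFinder()
    finder.feed(page)
    finder.close()
    return finder.actions


# Constructed sample pages; SUBMIT_URL stands in for the template's <%= submit %>.
SUBMIT_URL = "/wiki/en/page/main/edit"
BODY = '<textarea name="content"></textarea><input type="submit"></form>'
PLAIN_PAGE = '<form action="%s" method="post">%s' % (SUBMIT_URL, BODY)
HIDDEN_PAGE = split_form_tag(SUBMIT_URL) + BODY

if __name__ == "__main__":
    print(static_form_actions(PLAIN_PAGE))   # form found by a static parse
    print(static_form_actions(HIDDEN_PAGE))  # nothing found without running the script
```

The same check can run against a rendered template in a test suite to confirm that no `<form` or `action=` token reaches the static page source.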