user3860490

Reputation: 1

Prevent Hyperlink on ASP text box validation

I am trying to stop spammers submitting Hyperlinks on a text box for a form.

The form asks the user to input their Full Name, Email Address, Telephone Number and then there is a box for them to enter a message. The Email Address and Telephone Number prevent hyperlinks because the validation specifies that the Phone can only consist of numbers, and the Email must contain an @.

Is there a way, using JavaScript combined with ASP, that I can stop a form being submitted if it contains (http) or (www)?

I tried the following without success:

<script type="text/javascript">

    function Validate(x, y) {
        str = (document.getElementById('Messagetxt')).value;
        if (str.match(/(http)(www)([\<])([^\>]{1,})*([\>])/i) == null) {

            y.IsValid = true;
        }
        else {

            y.IsValid = false;
        }
    }

</script>

Which is linked to a Custom Validator for the text box. Whenever I enter http, www, or HTML tags < >, which I am trying to prevent, the form submits but presents an error page.

Upvotes: 0

Views: 415

Answers (1)

user1945782

Usually what you're experiencing aren't hackers but bots passing over your site. I would recommend a more simplistic approach (maybe as well as) of tricking the bots into filling a hidden field.

Put a textbox on your form with a style set to display: none;, along with a completely unrelated id, something like catchUnreal. Check the value of catchUnreal in your server-side code to see if it has a value. If it does, it is highly likely that a bot has completed your form - don't submit the answer:

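<!-- Request.Form reads fields by their name attribute, so the input needs one -->
<input type="text" id="catchUnreal" name="catchUnreal" class="dontDisplay" />
...
...
<%If Request.Form("catchUnreal") <> "" Then
    'Hidden field has a value (likely a bot): do my stuff
End If%>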

(If you catch my drift).

-- EDIT --

Apologies - I wasn't reading properly.

The process above can also be applied using JavaScript by simply checking the hidden box value using JavaScript:

if (document.getElementById("catchUnreal").value !== "") doProcessing();

--Edit --

Another idea is to use the server-side command server.HTMLEncode(string) which will remove any unwanted tag encodings.

Upvotes: 1
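
A corrected form of the client-side check from the question, combined with the hidden-field test from the answer, added here as an illustration and not code from either poster. `findLinkMarkers`, `checkSubmission` and the pattern names are hypothetical; a bot that posts directly never runs this script, so the same checks belong in the server-side handler as well.

```javascript
// Added example. Only Messagetxt, catchUnreal and Validate come from the page;
// every other name is hypothetical.

// Each marker is its own alternative. The regex in the question concatenated
// (http)(www)(<...>), so it could only match all three appearing in sequence.
const LINK_PATTERNS = [
  { name: "url-scheme", re: /\bhttps?:\/\//i },
  { name: "www-host",   re: /\bwww\./i },
  { name: "html-tag",   re: /<\/?[a-z][^>]*>/i }, // "<" followed by a tag name
  { name: "bbcode-url", re: /\[url\b/i },
];

// Returns the names of every link/markup pattern found in the text.
function findLinkMarkers(text) {
  const s = String(text == null ? "" : text);
  return LINK_PATTERNS.filter((p) => p.re.test(s)).map((p) => p.name);
}

// Combines the honeypot test with the message check and reports the reasons.
function checkSubmission(fields) {
  const reasons = [];
  if (String(fields.catchUnreal || "").trim() !== "") {
    reasons.push("honeypot-filled"); // a human never sees this field
  }
  reasons.push(...findLinkMarkers(fields.Messagetxt));
  return { ok: reasons.length === 0, reasons };
}

// Client validation function in the (sender, args) shape a CustomValidator calls.
function Validate(sender, args) {
  const result = checkSubmission({
    Messagetxt: document.getElementById("Messagetxt").value,
    catchUnreal: document.getElementById("catchUnreal").value,
  });
  args.IsValid = result.ok;
}
```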
