is this HTML input form secure?

Question

i managed to build this form using many sources over internet , and it actually works. But do not know if it is good against any breaks.

        <form action="/some/server/some.cgi" method="POST">
            <fieldset>
                <legend>contact me:</legend>
                <input type="hidden" name="recipient"
               value="some@some.com">
                <input type="hidden" name="subject"
           value="message ">
                <br>
                <br>
                <table>
                    <tr>
                        <td>
                            <input type="text" name="name" 
                 placeholder="Your Name please" size="30"
            maxlength="30" title="Your name (no numbers)" 
         pattern="[a-zA-Z]{2,30}" required>
                        </td>
                    </tr>

                    <tr>
                        <td>

                            <input type="email" value="email"  
           name="email" placeholder="Provide valid email please" 
                 pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,3}$"
                title="Your VALID email address" size="30" 
             maxlength="50" required>

                        </td>
                    </tr>
                    <tr>
                        <td>
                            <input type="text" name="message" 
            placeholder="Message" size="30" maxlength="200"

            title="Long text is not allowed" 
                   pattern="[a-zA-Z0-9\s]{5,200}" required>
                        </td>
                    </tr>
                    <tr>
                        <td>
                            <input type="submit" value="Send" 
                     name="Submit">
                        </td>
                    </tr>
                </table>
            </fieldset>
        </form>

i am new to regEx and would like to know any issues that can happen with this form. thanks

Answer 1

The regex will reject valid email addresses. Client side data validation provides no protection against someone trying to subvert your application. The "pattern" attribute is (from memory) a fairly recent addition and ignored by Safarai and older browsers.

What are your criteria for "secure".

Answer 2

In the name field you cannot provide space because your regular expression won't allow it.. If you want to allow space please change the below pattern

[a-z A-Z]{2,30}

Answer 3

There is no One particular answer whether or not the form is secure. It always depends on the attacker's way of thinking .There many creative ways hackers can think of to bypass a particular form.

The main place to work on is Server-Side for security Not the Client-Side because Client-Side HTML andJavaScript can be manipulated any how.

Anyways,

You can refer to these links :

 code.tutsplus.com/tutorials/secure-your-forms-with-orm-keys--net-4753"
 www.youtube.com/watch?v=ATBdUB-aXko"
 www.formstack.com/features/security