Issue #31 open

use validation to protect against spambots

Thomas Waldmann
repo owner created an issue

Often spambots just jump on every form field and submit button they can find and fill in what they believe will result in links to their sites.

Often this is just HTML, like {{{ <a ... href="http://advertised-site.com" ...> }}}

As we do not need (and should not accept) HTML input for many form fields, we can use a validator that detects some generic HTML patterns and rejects the form submission then.

E.g.:

* item name input fields
* action comment fields
* metadata (json)
* quick search query input field (maybe - do we need to search for such stuff, do we need to lower the load?)

Exceptions where this (simple) validator should not be used:

* the revision data edit field of text/html items (of course)
* other revision data edit fields (html-like stuff could be a valid part of pre/code sections, so this gets too difficult to decide whether it is legitimate or not)

Note: sometimes it is not even needed to protect every input field, as they'll fill their crap in every form field anyway. :D
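A sketch of the kind of validator proposed in this issue, added here as an illustration; it is not code from the issue or from the project. The field names (`name`, `comment`, `meta_text`, `q`, `data_text`), the two patterns and the sample submissions are assumptions constructed for the example.

```python
import re

# Assumed "generic HTML patterns": a tag whose name directly follows "<" or "</",
# and an href/src attribute pointing at a URL (catches tags that are never closed).
HTML_PATTERNS = [
    re.compile(r"</?[a-zA-Z][a-zA-Z0-9]*(?:\s[^<>]*)?/?>"),
    re.compile(r"\b(?:href|src)\s*=\s*[\"']?\s*(?:https?:)?//", re.IGNORECASE),
]

# Hypothetical field name for revision data edit fields, where HTML-like
# text can be legitimate (text/html items, pre/code sections).
EXEMPT_FIELDS = frozenset({"data_text"})


def looks_like_html(value):
    """True if the value matches one of the generic HTML patterns."""
    return any(p.search(value) for p in HTML_PATTERNS)


def validate_submission(form, exempt=EXEMPT_FIELDS):
    """Return {field: error}; a non-empty result means reject the submission."""
    errors = {}
    for field, value in form.items():
        if field in exempt or not isinstance(value, str):
            continue
        if looks_like_html(value):
            errors[field] = "HTML markup is not allowed in this field"
    return errors


# Constructed sample: a spambot filling every field it finds.
SAMPLE_SPAM = {
    "name": '<a href="http://advertised-site.example">cheap pills</a>',
    "comment": "visit <a href=http://advertised-site.example",  # unterminated tag
    "data_text": "<p>body of a text/html item</p>",             # exempt field
    "q": "wiki syntax",
}

# Constructed sample: ordinary input, including "<" and ">" used as operators.
SAMPLE_OK = {
    "name": "HomePage",
    "comment": "fixed typo, a < b and c > d",
    "meta_text": '{"tags": ["demo"]}',
    "q": "search term",
}

if __name__ == "__main__":
    print(validate_submission(SAMPLE_SPAM))
    print(validate_submission(SAMPLE_OK))
```

The first pattern also flags text such as `List<int>`, which is the trade-off of a deliberately simple check and the reason the revision data fields stay exempt.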
