Form Security
Started 12 years ago by sapan | 9 posts |
Hello, I have tried some XSS scripts, like entering JavaScript in the form fields, and the form submitted successfully. I am really worried about the security of the form, like XSS and SQL injections. Can anyone help me with this?
Thanks
Posted 12 years ago # -
JavaScript and HTML tags are already being filtered. By filtering, the characters are parsed into safe, non-executable code. The form itself will submit successfully, but the code won't do any harm, because it has already been converted into safe characters. If you want to check it, you can go through the backend MySQL database and you'll see the filtered characters.
We are also aware of SQL injections and are already protecting against them. Since version 3 of MachForm, all queries are executed using prepared statements (using the PDO library), which is very secure against SQL injections.
MachForm Founder
Posted 12 years ago # -
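The two protections described in the reply above (encoding HTML characters before storage, and binding values through PDO prepared statements), as an added example that is not MachForm's own code. The table and column names and the helpers `filter_field` and `save_entry` are hypothetical, the sample submissions are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL backend (assumption, for offline use).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hypothetical schema, not MachForm's real table layout.
$pdo->exec('CREATE TABLE form_entries (id INTEGER PRIMARY KEY, comment TEXT)');

/** Convert HTML metacharacters to entities so the value is inert when displayed. */
function filter_field(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Store one field via a prepared statement: the value is bound, never concatenated. */
function save_entry(PDO $pdo, string $raw): int
{
    $stmt = $pdo->prepare('INSERT INTO form_entries (comment) VALUES (:comment)');
    $stmt->execute([':comment' => filter_field($raw)]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample submissions: a script tag and a quote-breaking SQL string.
$samples = [
    '<script>alert(1)</script>',
    "x'); DROP TABLE form_entries; --",
];

foreach ($samples as $raw) {
    $id = save_entry($pdo, $raw);
    $stmt = $pdo->prepare('SELECT comment FROM form_entries WHERE id = :id');
    $stmt->execute([':id' => $id]);
    printf("submitted: %s\nstored:    %s\n\n", $raw, $stmt->fetchColumn());
}

// Both submissions were accepted, yet the table is intact: the SQL string was
// stored as data, and the stored script tag contains entities, not raw markup.
$count = (int) $pdo->query('SELECT COUNT(*) FROM form_entries')->fetchColumn();
echo "rows in form_entries: {$count}\n";
```

Both submissions succeed, which matches what the original poster observed; the difference is visible only in the stored values.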
Thank you for the clarification. Actually, I have been targeted once, so I am really worried about the form security. I have one more question: how can I make a form like this http://www.neilmed.com/usa/samplerequest.php, i.e. I want to build a form with checkboxes underneath an image in rows and columns.
Thanks.
Posted 12 years ago # -
Basically you can insert the HTML tag for the image into your checkbox label. So for example, you can insert this tag into your checkbox field:
<img src="my_image.jpg" /> Your field label here
MachForm Founder
Posted 12 years ago # -
Brilliant, thank you very much. There is a small problem, and I am not sure whether it is only happening to me. The CAPTCHA doesn't show up in Safari on Windows (I have not checked on Mac), and also, while submitting the form, the validation error does not come up either; instead the form is submitted successfully.
Thanks
Posted 12 years ago # -
Can you let me know the URL to your form please? Or you can send it via email if you don't want to post it here.
Basically, once you have passed the CAPTCHA test, you won't be prompted to fill it in again for your subsequent submissions. This is valid until the session expires or your browser is closed.
MachForm Founder
Posted 12 years ago # -
I got the answer. What exactly is happening is that when I open the form for the first time, the CAPTCHA shows up, but it doesn't show up for subsequent submissions; if I close my browser, the CAPTCHA reappears. You are right.
I have a small question: can I nest forms, i.e. if I have a form called formx, then instead of creating similar forms, can I have formx1, formx2, etc. under formx? I know you have given the option to tag similar forms, but that will create independent forms. What I want is that when I click on the header formx in the admin panel, all forms under formx appear, i.e. formx1, formx2, etc. Is there any scope?
Thanks
Posted 12 years ago # -
I'm afraid it won't be possible to do so. Sorry.
MachForm Founder
Posted 12 years ago # -
I understand, no problem.
I have one more question: when adding the address field, is there any facility to customize the countries, i.e. keep only the countries I want and delete the rest? Also, can I have a country-specific state drop-down list?
Thanks
Posted 12 years ago #