The EuroCMS Forms Module
| Author | Revision | date |
|---|---|---|
| Imri Paloja | design | 20-05-2022 |
The HTML form is generated using custom html tags. This is to trick the casual bots that are programmed to search and abuse any forms they find online.
For the 'hacker' that goes the extra mile, so actually sit in front of the website, and manually try to hack it, the following precautions have been implemented:
The ECMS Form structure uses Ajax to process the form data. The Ajax Form POST link, is auto generated, it is saved server side as a variable, and used later on, to let the Ajax controller know, where to POST the data.
A UID is generated every time a form is loaded. That UID is checked every time the user submits a form. If they don't match, or is none existing, the form will not be processed.
So, lets say the hacker has the UID, and the unique path of the Ajax request, all the form data are validated, sanitized, and the HTML entities are escaped.
https://austingil.com/how-to-build-html-forms-right-security/
https://developer.mozilla.org/en-US/docs/Learn/Forms/Advanced_form_styling
https://developer.mozilla.org/en-US/docs/Learn/Forms/Sending_and_retrieving_form_data
https://developer.mozilla.org/en-US/docs/Learn/Forms/Form_validation
# Steps,
1. Type in form name: 2. Select form element(input,textarea) A. `input` selected B. Select type of input(text, url,email) C. input type text selected D. Select attributes: Attributes # Add new form
## Blank window appears with "select form elemts" text.
Popup drop down appears with the following:
- <input> - <textarea> - <button> - <select> - <option> - <optgroup> - <fieldset> - <label> - <output>
## input select Input tag is inserted in the blank window. Click the gear icon, and add input type attributes
DB structure
| form_id | domain_id | user_id | group_id | form_name | form | user_lock | status |
|---|---|---|---|---|---|---|---|
| 1 | 1 | 1 | 1 | contact | {JsonBlob} | 1 | enabled |
The HTML <form> Elements
The HTML <form> element can contain one or more of the following form elements:
-
<input>
-
<label>
-
<select>
-
<textarea>
-
<button>
-
<fieldset>
-
<legend>
-
<datalist>
-
<output>
-
<option>
-
<optgroup>
HTML Input Types
Here are the different input types you can use in HTML:
-
<input type="button">
-
<input type="checkbox">
-
<input type="color">
-
<input type="date">
-
<input type="datetime-local">
-
<input type="email">
-
<input type="file">
-
<input type="hidden">
-
<input type="image">
-
<input type="month">
-
<input type="number">
-
<input type="password">
-
<input type="radio">
-
<input type="range">
-
<input type="reset">
-
<input type="search">
-
<input type="submit">
-
<input type="tel">
-
<input type="text">
-
<input type="time">
-
<input type="url">
-
<input type="week">
HTML Input Attributes
Here are the different input Attributes you can use in HTML:
-
value
-
readonly
-
disabled
-
size
-
maxlength
-
min|max
-
multiple
-
pattern
-
placeholder
-
required
-
step
-
autofocus
-
height:width
-
datalist
-
autocomplete
Type;name;attributes:value
# Examples of input_fields
Type;name;attribute:value:attribute:value
text;fname;John;disabled,text;lname;John;readonly,
text;number;John;size:20,text;year;John;maxlength:20:size:20,
number;number;John;min:18:max:80,file;Files:multiple,
text;country_code;pattern:[A-Za-z]{3}:title:Herro ?