[TYPO3-typo3org] buzz.typo3.org: Posting form allows HTML tags
Thomas Hempel
thomas at work.de
Tue Jan 16 12:03:10 CET 2007
Hi Rupert,
On my page I have added a simple JavaScript that adds the form action after 10 seconds. So a bot
without a JavaScript interpreter will never see the correct target URL.
That script stopped the spam completely on my page. (Instead of the trackback stuff of course).
Look here for an example:
http://www.typo3-unleashed.net/singleentry.html?&tx_ttnews[tt_news]=611&tx_ttnews[backPid]=24&cHash=2b4527ce06
<script language="javascript" type="text/javascript">
<!--
// Shared countdown state for the delayed-action guard on the comment form.
var delay = 1000;         // milliseconds between two countdown steps
var timerRunning = false; // true while a countdown step is scheduled
var timerID = null;       // handle of the scheduled step, passed to clearTimeout
var secs;                 // remaining count; assigned by InitializeTimer()
/**
 * Starts (or restarts) the anti-spam countdown for the comment form.
 * Cancels a step that is still pending, resets the remaining count and
 * runs the first countdown step right away.
 */
function InitializeTimer() {
  StopTheClock();
  // Length of the spam lock, in countdown steps (one step every `delay` ms).
  secs = 10;
  StartTheTimer();
}
/**
 * Cancels the pending countdown step, if one is scheduled, and marks the
 * timer as stopped.
 */
function StopTheClock() {
  if (timerRunning) {
    clearTimeout(timerID);
  }
  timerRunning = false;
}
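/**
 * Runs one step of the countdown that guards the comment form.
 *
 * While the count is above zero, the submit button is disabled, shows the
 * remaining count, and the next step is scheduled after `delay` ms. Once the
 * count reaches zero, the form's real action URL is filled in and the button
 * is enabled.
 *
 * NOTE(review): this is a client-side hurdle only. The target URL is still
 * part of the page source, so the server that receives the post should still
 * validate submissions and escape HTML in the comment text.
 */
function StartTheTimer() {
  var submitButton = document.getElementById('submit');

  // `<=` rather than `==`, so a count that was set below zero still ends
  // the countdown instead of running forever.
  if (secs <= 0) {
    StopTheClock();
    // Only at this point does the form receive its real target.
    document.getElementById('commentform').action =
      "index.php?id=singleentry&tx_ttnews[tt_news]=611&tx_ttnews[backPid]=24&cHash=2b4527ce06";
    submitButton.disabled = false;
    submitButton.value = "Submit comment";
  } else {
    submitButton.disabled = true;
    submitButton.value = "Submit comment (" + secs + ")";
    secs = secs - 1;
    timerRunning = true;
    // Pass the function itself, not a string: a string argument is compiled
    // like eval() and is refused under a Content-Security-Policy that does
    // not allow 'unsafe-eval'.
    timerID = self.setTimeout(StartTheTimer, delay);
  }
}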
// Start the countdown when this script runs.
// NOTE(review): the countdown looks up the form elements immediately, so this
// script presumably has to sit after the comment form in the page — confirm.
InitializeTimer();
//-->
</script>
Greets,
Thomas
P.S.: The script is not from me but from Christoph Neumüller
--
typo3-unleashed.net