Tonnerre LOMBARD wrote:
Salut,
On Tue, Aug 15, 2006 at 06:19:21PM +0200, Matthias Keller wrote:
One thing I have been pretty successful in blocking spam is javascript... Of course one can argue not all browser support or execute JS but today when every 3rd site completely relies on JS this is no valid point anymore IMHO I use a onSubmit script which sets a variable before submitting. only if this value is received correctly in the script the form is processed...
Do you really think a spammer will sit in front of his browser typing in all the spam? Those are scripts, and these scripts just send you data without ever considering to look at your JavaScript foo.
Correct. And that's the way it works :) consider this: <form method="POST" action="post.php" onSubmit="this.somefield.value=123"> <input type=hidden name="somefield" value=""> ... </form>
If the post.php receives the POST request without $_POST["somefield"] == "123" it refuses to send the mail...
Since the scripts won't interprete javascript they wont send the 123 as a value for somefield and thus all their tries wont succeed
Matt