Friday, May 17, 2024
Homepage · security
 Popular · Latest · Hot · Upcoming
179
rated 0 times [  182] [ 3]  / answers: 1 / hits: 87194  / 11 Years ago, fri, june 28, 2013, 12:00:00

I am designing a site where it would be problematic if macros were allowed to run freely.


I have thought of a way to stop a macro made by simulating the HTTP requests from a button click but this would be in vain if they could insert javascript scripts which just "click" the button and proceed as a normal user would.


By simulating a button click, I mean, the button is pressed and the Form the button is in runs with the php code associated with it.


Logic tells me javascript can do this but I would like to know for sure, thank you for any input!


More From » security
 Answers
14

A button may be always clicked programmatically. For example you may have a page with a form like this:


<form>

    <input type="text" />

    <button>Do something</button>

    <input type="submit">

</form>

then it is possible just to open debug console and type


document.getElementsByTagName('button')[0].click();

which will click the button, or


document.getElementsByTagName('input')[1].click();

which will click the submit button of the form, or just


document.forms[0].submit();

to submit the form without clicking the button.


There is no way to prevent user from mastering JavaScript code on client. You have to add some validation on server side in order to prevent unwanted user actions.


[#77327] Thursday, June 27, 2013, 11 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
mustafaericho
Add To Favorites
Follow
Total Points: 322
Total Questions: 103
Total Answers: 110
Location: Montenegro
Member since Thu, Jun 16, 2022
2 Years ago
mustafaericho questions
Mon, May 31, 21, 00:00, 3 Years ago
Sun, May 23, 21, 00:00, 3 Years ago
Sat, Feb 13, 21, 00:00, 3 Years ago
Sat, Jan 2, 21, 00:00, 3 Years ago
Thu, Nov 12, 20, 00:00, 4 Years ago
View All
;